[Freeswitch-users] Firewall mysteriously starts blocking calls to port 5060
Giovanni Maruzzelli
gmaruzz at gmail.com
Sat May 4 17:27:33 UTC 2019
Ahem, UDP is the original and standard transport for SIP; TCP is a little
minority, kind of an afterthought, and few providers support it.
On Sat, May 4, 2019, 18:51 Chad Phillips <chad at apartmentlines.com> wrote:
> It wasn't a fail2ban issue...
>
> This particular provider says they only send SIP traffic over UDP, and I
> had only opened TCP traffic to port 5060 in my firewall.
>
> The part I don't understand is how I was able to receive any calls at all
> from them without UDP/5060 open -- it worked for hours with my new firewall
> config up. That's just weird...
>
> Also, can anybody explain why a provider would use UDP for SIP traffic?
> From my brief reading of the spec, it does seem to be a valid protocol to
> use, but UDP's fire and forget approach seems a poor choice for this task.
>
> On Fri, May 3, 2019 at 11:56 AM David Villasmil <
> david.villasmil.work at gmail.com> wrote:
>
>> Hello,
>>
>> I'd say this is a question for shorewall. But since you're here, is there
>> maybe some flood-prevention mechanism that would block it? Did you check
>> shorewall's log to try and find the reason it was blocked?
>>
>> Regards,
>>
>> David Villasmil
>> email: david.villasmil.work at gmail.com
>> phone: +34669448337
>>
>>
>> On Fri, May 3, 2019 at 6:07 PM Chad Phillips <chad at apartmentlines.com>
>> wrote:
>>
>>> Recently I reconfigured my firewall (via Shorewall) to block all inbound
>>> traffic to port 5060, except for whitelisted IP addresses from my inbound
>>> DID providers. After setup, we ran tests and everything worked fine for all
>>> incoming calls across all providers.
>>>
>>> Then a few hours later, calls from one of our providers started being
>>> blocked. All calls from our other providers continued coming through fine.
>>> Upon restarting our firewall service, the blocked calls from the single
>>> provider started coming through again.
>>>
>>> Between our successful tests and the start of the issue, there were zero
>>> changes made to the server.
>>>
>>> So why would my firewall suddenly start blocking inbound traffic from a
>>> whitelisted IP that it was previously letting through??
>>>
>>>
>>> _________________________________________________________________________
>>>
>>> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
>>> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
>>> services.
>>> Build your next product on our scalable cloud platform.
>>>
>>> Join our online community to chat in real time
>>> https://signalwire.community
>>>
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>>
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> https://freeswitch.com
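The misconfiguration identified in this thread (provider whitelist entries for port 5060 opened for TCP only, while the provider sends SIP over UDP) can be checked mechanically. The following is an added example, not code from the thread or from Shorewall: it assumes the usual Shorewall rules column order (ACTION SOURCE DEST PROTO DPORT), numeric ports only, and uses constructed sample rules with documentation-range addresses.

```python
SIP_PORT = 5060

# Constructed sample rules (ACTION SOURCE DEST PROTO DPORT); the addresses
# are documentation-range placeholders, not real providers.
SAMPLE_RULES = """\
#ACTION  SOURCE                     DEST  PROTO    DPORT
ACCEPT   net:198.51.100.10          $FW   tcp      5060
ACCEPT   net:203.0.113.20           $FW   tcp,udp  5060
ACCEPT   net:192.0.2.30             $FW   udp      5060:5061
ACCEPT   net:192.0.2.40,192.0.2.41  $FW   tcp      5060,5080
DROP     net                        $FW   udp      5060
"""

def covers_port(dport, port):
    """True if a DPORT field (comma list, lo:hi ranges) includes port."""
    for part in dport.split(","):
        lo, _, hi = part.partition(":")
        hi = hi or lo
        if lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi):
            return True
    return False

def sip_protocols_by_source(rules_text, port=SIP_PORT):
    """Map each whitelisted source host to the protocols ACCEPTed on port."""
    allowed = {}
    for line in rules_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 5 or fields[0] != "ACCEPT":
            continue
        source, proto, dport = fields[1], fields[3], fields[4]
        _zone, _, hosts = source.partition(":")
        if not hosts or not covers_port(dport, port):
            continue  # zone-wide rules are not per-provider whitelist entries
        for host in hosts.split(","):
            allowed.setdefault(host, set()).update(p.lower() for p in proto.split(","))
    return allowed

def missing_udp(rules_text, port=SIP_PORT):
    """Whitelisted sources that can reach the SIP port, but not over UDP."""
    by_source = sip_protocols_by_source(rules_text, port)
    return sorted(h for h, protos in by_source.items()
                  if "udp" not in protos and "all" not in protos)

if __name__ == "__main__":
    for host in missing_udp(SAMPLE_RULES):
        print(f"{host}: port {SIP_PORT} whitelisted without a UDP rule")
```
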