[Freeswitch-users] NAT ACL and security

Wed Aug 18 01:11:48 PDT 2010

Mostly it changes the way URIs and Contact headers are generated because the
actual port numbers used can be different those within the packet when using
NAT.

-Steve

On 18 August 2010 03:54, Victor Chukalovskiy <Victor at isptelecom.net> wrote:

> Brian,
>
> I understand that in treats everything as NAT.
> But what are consequences apart from pinging them every minute?
> I've looked into Wiki, but didn't see clear definition of "NAT behaviour"
>
> Thank you,
> Victor
>
> On -10/01/37 02:59 PM, Brian West wrote:
> > You're treating everything as if it were nat.... including public
> addresses...
> >
> > /b
> >
> > On Aug 16, 2010, at 2:20 PM, Victor Chukalovskiy wrote:
> >
> >
> >> I'm using
> >> <param name=pply-nat-acl" value="my_nat"/>
> >> <param name=at-options-ping" value="true"/>
> >> in my SIP profile in order to make Freeswitch ping every phone
> registered to it.
> >> This works well for keeping phones on remote LANs reachable.
> >>
> >> My_nat ACL is defined as following:
> >>      <list name=y_nat" default="allow">
> >>      </list>
> >> That is, it allows everybody.
> >>
> >> Question: am I making my system insecure by doing so?
> >> I believe "No" since ACL list "my_nat" is only used by appl-nat-acl
> parameter,
> >> but I don't know FreeSWITCH well enough to grantee that nothing else is
> affected.
> >> E.g. does anything else change if phone is considered NATed / non-NATed?
> >>
> >> Regards,
> >> Victor
> >>
> >
> >
> >
>
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20100818/2f4c72ab/attachment.html 