[Freeswitch-users] Disabling autonat/external access
charles.colbourn at ovic.co.uk
charles.colbourn at ovic.co.uk
Fri Oct 17 11:15:43 MSD 2014
Nope. On a private network using a small business xDSL circuit. We
don't have a DMZ, we don't do any local hosting. Just a basic off the
shelf broadband circuit. Freeswitch is installed on my desktop PC. The
local network is on an 192.168 numbering scheme, so there's no direct
route from the outside to my desktop machine.
As far as I know (I didn't set it up) the firewall config on the
router blocks all inbound traffic except return traffic.
I've been assuming something related to uPNP is going on. I'll try and
get the guy who looks after the router to disable uPNP - to my mind it
should be switched off anyway.
Quoting Brian West <brian at freeswitch.org>:
> Still won't help if the box is in the DMZ, which I highly suspect is what
> took place.
>
> On Thu, Oct 16, 2014 at 11:29 AM, Steven Ayre <steveayre at gmail.com> wrote:
>
>> Or remove the relevant profiles (each listens to an ip:port), or adjust
>> the sip-ip and rtp-ip they listen on.
>>
>> On 16 October 2014 17:24, Brian West <brian at freeswitch.org> wrote:
>>
>>> It has NOTHING at all to do with the ext-sip-ip and ext-rtp-ip settings,
>>> If you don't want outside access then block it at your nat/firewall.
>>>
>>> On Thu, Oct 16, 2014 at 11:11 AM, Charles Colbourn <
>>> charles.colbourn at ovic.co.uk> wrote:
>>>
>>>>
>>>> Hi,
>>>>
>>>> I'm currently trying to use a local instance of freeswitch as a test/dev
>>>> environment for embedding voice & video in an application. It's version
>>>> 1.5.12b 32bit running on windows 7.
>>>>
>>>> The trouble is, nothing I do seems to prevent it from opening access to
>>>> the
>>>> outside world, so I'm ending up with loads of attempts to register from
>>>> 192.111.153.106. My config is currently in a hacked/broken state such
>>>> that
>>>> they can't authenticate (and I've changed the passwords anyway), but
>>>> it's a
>>>> damn nuisance.
>>>>
>>>> I've tried adding
>>>>
>>>> -nonat
>>>>
>>>> and
>>>>
>>>> -nonat -nonatmap
>>>>
>>>> to the startup parameters. I've commented out the
>>>>
>>>>
>>>> <param name="ext-rtp-ip" value="auto-nat"/> <param name="ext-sip-ip"
>>>> value="auto-nat"/>
>>>>
>>>> values in both external and interal sip profiles (and renamed the
>>>> external
>>>> one to a non xml extension so it doesn't get read).
>>>>
>>>> I've also tried setting those parameters to invalid values. I've searched
>>>> over and over and dug through documentation. Nothing seems to work, this
>>>> external connection still keeps trying to authenticate with various
>>>> extension numbers. Please, am I missing something obvious here or
>>>> something?
>>>> It seems strange that it would be so difficult to lock the thing down for
>>>> testing.
>>>>
>>>> thanks,
>>>>
>>>> Charles.
>>>>
>>>>
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>>
>>>>
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> *Brian West*
>>> brian at freeswitch.org
>>>
>>>
>>> *Twitter: @FreeSWITCH , @briankwest*
>>> http://www.freeswitchbook.com
>>> http://www.freeswitchcookbook.com
>>>
>>> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
>>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>>
>>>
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>>
>>
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> --
>
> *Brian West*
> brian at freeswitch.org
>
>
> *Twitter: @FreeSWITCH , @briankwest*
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
>
> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list