- Thu 26th Mar 2015, 08:57
#1608
I've setup an Asterisk installation and it's running pretty well, but I'm interested in setting up external SIP clients.
Obviously the simplest method would be to simply forward port 5060 to the IPBX, but having tried that, I'm getting a lot of external intrusion attempts (thankfully all unsuccessful) so was considering changing the port. The problem is that simply changing the number of the external port to forward to 5060 would mean that the client wouldn't be looking for a response on 5060 (which the IPBX would invariably send).
From what I understand of Asterisk, I can't specify a different bind port for different extensions (probably sensible or you'd end up with an IPBX so full of holes you'd be hacked very quickly) and changing the general port would result in me having to change the port for all locally attached SIP devices.
What would people suggest?
My current thought is to enable local port forwarding. This would normally not resolve the problem, but I have my phones on a separate subnet to my internet connection, so could just enable port forwarding for the appropriate ethernet adapter - thoughts?
Obviously the simplest method would be to simply forward port 5060 to the IPBX, but having tried that, I'm getting a lot of external intrusion attempts (thankfully all unsuccessful) so was considering changing the port. The problem is that simply changing the number of the external port to forward to 5060 would mean that the client wouldn't be looking for a response on 5060 (which the IPBX would invariably send).
From what I understand of Asterisk, I can't specify a different bind port for different extensions (probably sensible or you'd end up with an IPBX so full of holes you'd be hacked very quickly) and changing the general port would result in me having to change the port for all locally attached SIP devices.
What would people suggest?
My current thought is to enable local port forwarding. This would normally not resolve the problem, but I have my phones on a separate subnet to my internet connection, so could just enable port forwarding for the appropriate ethernet adapter - thoughts?
How did this post make you feel?