Hi Alex, Am Donnerstag, den 20.02.2014, 13:48 -0500 schrieb Alex Villacís Lasso: > I have a setup with asterisk-11.7.0 and kamailio-4.1.1. I am following > the setup guide at > http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb . I want to run asterisk and kamailio on the same server, with SIP realtime configuration > (MySQL database) so that kamailio authenticates and then forwards the > registration to asterisk on localhost. The setup calls for asterisk to > be configured to listen for SIP traffic on all interfaces, on a > nonstandard port (I chose 5080). It also calls for > blanking of the password for the SIP peer (in my case, a softphone), > so that it will not request for authentication again. I have managed > to make a call with working audio from the softphone to an extension > on asterisk through kamailio. > > My concern is that asterisk is left listening for SIP through all > interfaces and with no SIP passwords. I want to secure the setup > against directed traffic to the asterisk UDP port (5080), that > bypasses the kamailio process. I tried setting > bindaddr=127.0.0.1 so asterisk will only listen for SIP traffic on > localhost, but this has the side effect of also removing audio - the > call appears to be successful on the softphone and on the asterisk > logs, but no audio is actually heard. My theory is > that the RTP traffic is being sent to kamailio instead of the > softphone. > > How can I set up asterisk so that it can send RTP anywhere but reject > any SIP traffic that does not come from the kamailio process on > localhost? > If You bind asterisk to 127.0.0.1 I think the media connection is set for this IP. Your Softphone can not reach the correct 127.0.0.1 (localhost is everywhere). I would suggest, You setup asterisk on eth0 address or 0.0.0.0. In the sip.conf You could secure Your setup with deny = 0.0.0.0/0.0.0.0 permit = Your-LAN-Adress This way asterisk accepts SIP from Your box only. HTH, Karsten -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users