Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4


666 posts

Ultimate Geek
+1 received by user: 10


  Reply # 1078181 1-Jul-2014 19:43
Send private message

Just got it set to 1Gb a month.

5200 posts

Uber Geek
+1 received by user: 2219

Trusted
Lifetime subscriber

  Reply # 1078184 1-Jul-2014 19:49
Send private message

Try a Draytek router, they are pretty good at handling SIP traffic. I've never had to port forward to get Asterisk or other VoIP configurations working.




Chorus has spent $1.4 billion on making their xDSL broadband network faster. If your still stuck on ADSL or VDSL, why not spend from $150 on a master filter install to make sure you are getting the most out of your connection?
I install - Naked DSL, DSL Master Splitters, VoIP, data cabling and general computer support for home and small business.
Rural Broadband RBI installer for Ultimate Broadband and Full Flavour

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com




666 posts

Ultimate Geek
+1 received by user: 10


  Reply # 1078186 1-Jul-2014 19:50
Send private message

Ok, looking at tcpdump logs I see traffic from

SIP
107.150.45.66 New York
188.138.5.114 Berlin
202.180.76.182 Auckland ? WxC
27.111.14.65 Auckland
198.204.231.123 Sydney

TCP
74.125.31.125 Atlanta
216.52.233.71 Los Angeles




666 posts

Ultimate Geek
+1 received by user: 10


  Reply # 1078193 1-Jul-2014 20:12
Send private message

Anyone tried the Sippot RBL client http://www.opentek.ca/sippot



666 posts

Ultimate Geek
+1 received by user: 10


  Reply # 1078254 1-Jul-2014 21:24
Send private message

Oh well, I installed the sippot RBL client which added about 1400 addresses to my iptables
I then added the 5 other ip addresses that came from overseas to iptables as well ( none was in their honeypot list).
Shall run tcpdump again and see what else pops up.


3451 posts

Uber Geek
+1 received by user: 1213

Subscriber

  Reply # 1078286 1-Jul-2014 21:46
Send private message

27.111.14.65 is 2Talk's proxy.



666 posts

Ultimate Geek
+1 received by user: 10


  Reply # 1078296 1-Jul-2014 21:52
Send private message

And the other Auckland address belongs to callplus.

Yep, I have another pap2t or something device on premises which is turned off ... and I guess they're trying to find it.




666 posts

Ultimate Geek
+1 received by user: 10


  Reply # 1078339 1-Jul-2014 22:51
Send private message

And 74.125.31.125 is xmpp traffic.

I must have googlevoice installed on my asterisk box.

21135 posts

Uber Geek
+1 received by user: 4219

Trusted
Subscriber

  Reply # 1078342 1-Jul-2014 22:57
Send private message

5060 is not the port that is used for audio, so fowarding it will not help with one way audio, there is another range that does the audio which can help, but even with it fowarded I was geting one way audio too often when going via asterisk.

Only reason to foward 5060 is to allow off site registration.

I gave up on asterisk and just have several analog phones on several ATA's to get all the numbers I need registered on. I take phone calls so seldom its not a big deal.

IMO asterisk is just not reliable enough in a natted configuration. It does dumb stuff that no ATA has ever done like totally lose all registrations when one dynamic dns name stopped resolving etc.




Richard rich.ms



666 posts

Ultimate Geek
+1 received by user: 10


  Reply # 1078346 1-Jul-2014 23:16
Send private message

Well, I haven't had those sorts of issues.
I did have 629,000 calls in June .. though none made it outside except the local calls I personally made.
I've got hold of a router flashed with DD-WRT which allows me to set the source for NAT so once I'm up in the office I can try and install that.
In the meantime I'll see if these 1400 RBL addresses help.



666 posts

Ultimate Geek
+1 received by user: 10


  Reply # 1078411 2-Jul-2014 08:17
Send private message

Only had 2 calls overnight, and already 22mb of traffic.

Have now disabled Truenet checking and also disabled the WiFi on their probe in case someone has been using my WiFi.

If I still have traffic over the day, will try another tcpdump.

35 posts

Geek
+1 received by user: 2


  Reply # 1078432 2-Jul-2014 09:12
Send private message

Try an IP filter for WXC proxy server IP, rather than a port forward.

https://i.imgur.com/z5ZnW9e.png

This will allow all communication from WXC sip proxy to your asterisk and dump every other IP:5060 at the WAN port.

You'll still get charged for traffic sent to your connection but whoever is sending you traffic will move on once you start dropping packets.

If you're on a dynamic IP with your service provider I'd recommend rebooting after the setting is in to get a different IP.
If its a static check with ISP about changing the address.




666 posts

Ultimate Geek
+1 received by user: 10


  Reply # 1078538 2-Jul-2014 11:53
Send private message

Thanks for looking at that for me.

I only have ssh access to my Asterisk box, and no GUI.  
And I'm not aware of any command line tool that I can use to change the Netcomm settings.
So, I'll have to wait until I can get to the office to try this out.


'That VDSL Cat'
7965 posts

Uber Geek
+1 received by user: 1632

Trusted
Spark
Subscriber

  Reply # 1078545 2-Jul-2014 12:09
Send private message

gchiu: Thanks for looking at that for me.

I only have ssh access to my Asterisk box, and no GUI.  
And I'm not aware of any command line tool that I can use to change the Netcomm settings.
So, I'll have to wait until I can get to the office to try this out.



how about an ssh tunnel, should be able to access your routers webinterface from there.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




666 posts

Ultimate Geek
+1 received by user: 10


  Reply # 1078781 2-Jul-2014 17:16
Send private message

Yes, I do have ssh running but not sure how  I can bring up a GUI to the router.

Anyway, in the meantime, I have altered my iptables by

Removing these lines:

 

ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

 

ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:5000:5082 

 


And then:

/sbin/iptables -A INPUT -s 182.154.16.150,58.28.20.150,202.180.76.182,27.111.14.65,192.168.1.0/24,25.107.0.0/16 -p udp --dport 5000:5082 -j ACCEPT

So, I think SIP traffic is now just limited to WxC and 2talk externally, and allowed on Hamachi VPN, and local lan.

I'll see what happens now.

1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Cove sells NZ's first insurance policy via chatbot
Posted 25-Jun-2018 10:04


N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34


Enable doubles fibre broadband speeds for its most popular wholesale service in Christchurch
Posted 2-Jun-2018 20:07


All or Nothing: New Zealand All Blacks arrives on Amazon Prime Video
Posted 2-Jun-2018 16:21


Innovation Grant, High Tech Awards and new USA office for Kiwi tech company SwipedOn
Posted 1-Jun-2018 20:54


Commerce Commission warns Apple for misleading consumers about their rights
Posted 30-May-2018 13:15


IBM leads Call for Code to use cloud, data, AI, blockchain for natural disaster relief
Posted 25-May-2018 14:12


New FUJIFILM X-T100 aims to do better job than smartphones
Posted 24-May-2018 20:17



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.