BarryP
5 posts

Wannabe Geek


  #863021 21-Jul-2013 14:33

Cheers.
Have put qualify=no in peer setting for trunk & it stopped the useless traffic.
I only presume that was the correct thing to do.

Barry

 
 
 

sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #863027 21-Jul-2013 14:46

BarryP: Cheers.
Have put qualify=no in peer setting for trunk & it stopped the useless traffic.
I only presume that was the correct thing to do.

Barry


You obviously just need to be aware of the implications of this. Based on that comment I'm not sure if you fully are.

Your PBX should be behind a secure firewall and should not have port 5060 exposed to the internet. Qualify sends a SIP OPTIONS query which not only lets Asterisk know if the peer is available, it also performs a major role in allowing your PBX to work behind a NAT firewall by keeping a NAT pinhole open. If this IP doesn't exist in the NAT table then uninitiated inbound UDP traffic (i.e. an inbound VoIP call) will potentially be blocked.


BarryP
5 posts

Wannabe Geek


  #863035 21-Jul-2013 15:04

Hi,
I am behind DD-WRT & I am forwarding 5060 & 12000..20000 to FREEPBX.
I also have some other ports being redirected to 5060.
If I don't open 5060 to the big wide world, my mobile won't be able to register when outside my network.




maverick
3594 posts

Uber Geek

Trusted
WorldxChange

  #863041 21-Jul-2013 15:11

But unless you know what you're doing with restrictions from external IPs and SIP you leave yourself wide open to being hacked. The amount of people we have seen getting hacked because their system was hacked from the external big bad world is scary, and basically it's because unfortunately people do not properly know how to secure their freeware PABX systems.




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications

sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #863043 21-Jul-2013 15:13

I'm not going to lecture you on security other than to say you should never have port 5060 open unless you fully understand the risks. Without appropriate security in place it's not a matter of if you'll have your system compromised, but when.


BarryP
5 posts

Wannabe Geek


  #863055 21-Jul-2013 15:33

Eek .. dual warnings in a matter of minutes.
I obviously want to keep the versatility of what I have.
IP based restrictions can't work for me.
I have just done a search & found this.
http://highsecurity.blogspot.co.nz/2012/05/freepbx-and-asterisk-basic-security.html
Will have a look thru it & see how I stack up.
If there is another recommended document .. please share the link.
 

BarryP
5 posts

Wannabe Geek


  #863126 21-Jul-2013 17:45

Well...
Thanks again for the heads up ..
I went thru the security stuff & didn't score very well!
I've remedied a number of basic security things like passwords.

Also got Fail2Ban running.
Half an hour later .. got an email of the first banned IP 176.31.103.97 (France)





sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #863141 21-Jul-2013 18:13

If you're wanting remote access use a VPN. My other suggestion of an SBC will clearly be beyond your budget!


sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #863144 21-Jul-2013 18:16

BarryP: Well...
Thanks again for the heads up ..
I went thru the security stuff & didn't score very well!
I've remedied a number of basic security things like passwords.

Also got Fail2Ban running.
Half an hour later .. got an email of the first banned IP 176.31.103.97 (France)




If you didn't have something basic like fail2ban already in place you could easily expect to see a few hundred IPs blocked per week until the bots stop attacking your system.


Z-master
13 posts

Geek


  #863330 22-Jul-2013 07:13

Damn, shame I didn't see this thread several days ago.

I got this E-mail back from Slingshot last night:

Other customers using Asterisk have had similar problems recently that have been fixed by updating the following setting:
 
fromdomain=hlz.italk.co.nz
 
So see if updating this fixes your issue, and if it doesn't then please email again to let me know and further troubleshooting will need to be carried out.


So at least they are giving out good advice.  Just a shame there wasn't any warning/notification, I spent hours trying to get it working.  I did an update on RasPBX around the same time as this issue appeared, so (incorrectly) assumed that was at fault, even though I didn't see any notes mentioning this fault.

maverick
3594 posts

Uber Geek

Trusted
WorldxChange

  #863336 22-Jul-2013 07:35

lol good advice... so it looks like italk need to come to Geekzone to find the solution to the problem they don't know they have .... seems something quite funny and wrong with that




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications

paul21019

19 posts

Geek


  #863351 22-Jul-2013 08:59

Thanks everybody, especially Maverick and Rabsoft. I came in the morning, made the change to the host and bingo - we are back in action.

I only changed the host as per Rabsoft's suggestion to the IP, should I put in the "fromdomain=akl.italk.co.nz" as well?

Now would be a good time to get the perfect peer details for future use - this is what I have:

type=friend
secret={secret}
username=649974xxxx
fromuser=649974xxxx
host=203.184.16.2
dtmfmode=rfc2833
insecure=very
nat=yes
canreinvite=no
disallow=all
allow=ulaw&alaw
qualify=yes

649974xxxx:{secret}@203.184.16.2


Once again if I had listened to the Italk CSR, my system would be in pieces and a complete rebuild needed, only apathy saved me.

PDE 



jnawk
176 posts

Master Geek


  #863364 22-Jul-2013 09:38

I only changed the host as per Rabsoft's suggestion to the IP, should I put in the "fromdomain=akl.italk.co.nz" as well?


You should not use the IP address, because you are then vulnerable to potential sudden failure if Slingshot make another change.
Put in the fromdomain, and set host back to akl.italk.co.nz, and you'll be right as rain.


jnawk
176 posts

Master Geek


  #863366 22-Jul-2013 09:39

maverick: lol good advice... so it looks like italk need to come to Geekzone to find the solution to the problem they don't know they have .... seems something quite funny and wrong with that


They should give me a month free, for all my efforts.   And they should also give a month free to all their customers I've ended up retaining for them by finding the solution for them.

paul21019

19 posts

Geek


  #863454 22-Jul-2013 11:39

Correction...

If I use fromdomain=akl.italk.co.nz and change the host and register string to match, I can only make outgoing calls, incoming goes to busy.

So I have changed my host to host=203.184.16.2 (as per Rabsoft's original), remarked fromdomain out and put the IP address in the register string. This works both ways but the delay into my trunks is noticeable, but it works fine. My main line goes to an IVR - I am not sure if this is creating the delay or not.

Anyone have any ideas? (I can live with it, but it would be nice to get rid of the delay)

PDE 
