Firewall issue with Asterisk

Discussion in 'ESET Smart Security' started by starbuck_, Apr 26, 2008.

Thread Status:
Not open for further replies.
  1. starbuck_

    starbuck_ Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    3
    Hello,

    I have encounterd the following problem.

    I have installed and configured trixbox 2.6/asterisk (VOIP PBX) on a virtual machine.
    (vmware/windows).

    With ESS 3.0.650 Firewall enabled I could not make any outgoing/incoming calls through trixbox/asterisk. When dialing my voip number with my cell phone
    my softphone (x-lite) on my windows box (XP Sp3-Final) did not ring. After dialing the number my cell phone displays "no connection" immediately and doing some beep sounds (like no carrier I think). The Trixbox/asterisk server also did not register the call from outside... Dialing out (Softphone ->Cellphone, or ISDN Phone) also did not work,too.

    After diasabling the ESS Firewall completely there is no problem. The cell is dialing (free line tone) , my trixbox registers the call (see that on the asterisk CLI log) and the softphone is ringing. Outgoing calls are also working with the firewall disabled. I am behind a NAT DSL-router but all the neccessary parts are forwarded, if needed. I have also configured the rules with open ports for the x-lite softphone in ESS configuration.

    Either my PC and the VM is located in the Trusted Zone in ESS 192.168.0.0/255.255.255.0.

    Could someone please give me a hint what's wrong here?
    This is very strange.

    Thank you in advance.
    starbuck
     
  2. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    asterisk will probably be irrelevant -

    but to be sure you need to check - can the vmware trixbox installation do other network activities with ESS turned on? You can fire up a shell session and setup say a 'wget' session.

    Our asterisk box is standalone - just a dell server from ebay - and our external firewall was configured to port forward the relevant SIP ports - so we can connect extensions from one the road using softphones and ATA devices, and I can even configure the system remotely, but to prevent remote attack vectors, we have those ports shut down EXCEPT for inside the network, ie, we vpn to the office and then ssh and use the web-gui for configuration changes.
     
  3. starbuck_

    starbuck_ Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    3
    @webyourbusiness:

    Your right. I haven't recognized this before. Also other network activities are not possible with trixbox and vmware. After firing up vmware to boot trixbox the network interface eth0 did not get an ip address via dhcpd. wget is also not possible. Vmware workstation process and vmware tray process is allowed via the esset firewall rules. The vmware network adapter vmnet8 (bridged) has 192.168.236.1 as ip address. 192.168.236.0/255.255.255.0 is entered in the trusted zone in ESS.

    What's wrong with the configuration here? Any ideas? Suggestions?

    For the record: When Firewall is turned off network interface gets an ip via dhcp and everything works fine.

    starbuck
     
Thread Status:
Not open for further replies.