Asterisk Firewall- VM to email not working

system · November 4, 2011, 2:09pm

Hi,

I am running CentOS and Asterisk 1.4.22.1 on my system. I am configuring firewall, after applying firewall, mu voicemail to email is not working… I have opened all ports for mail server.

Please help…

#!/bin/bash
iptables -F
iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -s 4.2.2.2 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -A INPUT -p tcp --dport 585 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
iptables -A INPUT -p tcp --dport 995 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT

iptables -A INPUT -p tcp -s x.x.x.x --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s x.x.x.x --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s x.x.x.x --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s x.x.x.x --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp -s x.x.x.x --dport 8088 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s x.x.x.x --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp -s x.x.x.x --dport 9001 -j ACCEPT
iptables -A INPUT -p udp -m udp -s x.x.x.x --dport 5060 -j ACCEPT
iptables -A INPUT -p udp -m udp -s x.x.x.x --dport 10000:20000 -j ACCEPT
iptables -A INPUT -p udp -m udp -s x.x.x.x --dport 4000:4999 -j ACCEPT
iptables -A INPUT -p udp -m udp -s x.x.x.x --dport 4569 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s x.x.x.x --dport 5038 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT

iptables -P OUTPUT ACCEPT

service iptables save
iptables -L

david55 · November 4, 2011, 4:41pm

DNS?

system · November 4, 2011, 5:28pm

Hi,

I have included DNS to… line which has 4.2.2.2

david55 · November 4, 2011, 6:54pm

You want -sport=25 to originate SMTP. However that isn’t really secure, so you also want to reject any syn’s without ack’s from this port, if you are not prepared to allow all unprivileged dport’s.

system · November 4, 2011, 9:31pm

Thanks a lot for your reply…It worked

can u plz explain why is it not secure???

david55 · November 4, 2011, 11:14pm

Because it allows an attacker to connect to any internal service by using 25 as the source port.

To do so they have to send a syn without an ack, to start the connection.

Topic		Replies	Views
Iptables firewall? Asterisk Support	3	340	September 4, 2015
Asterisk Voicemail to email to ISP SMTP Asterisk Support	4	261	August 10, 2010
Voicemail to email Asterisk Support	0	184	May 29, 2008
Voicemail serveremail not working Asterisk Support	2	504	May 26, 2006
Voicemail to Email doesn't work (asterisk 1.6, sendmail) Asterisk Support	5	731	February 26, 2011

Asterisk Firewall- VM to email not working

Related topics