OP
Member
Joined: Aug 2002
Posts: 1,073 Likes: 1
We have an IP Office 9.0 system with a SIP trunk on LAN2 with a public IP on the LAN2. The system gets hacked regularly. A complex password is no trouble for the hacker.
When we put the IP Office LAN2 behind a firewall, SIP trunk connectivity results in one-way speech.
I used pfSense and had no luck. 2 days of banging my head against the wall is no fun.
So I am hopeful someone can advise me on a product/firewall that will work easily.

Moderator-Avaya
Joined: May 2004
Posts: 1,665 Likes: 4
What SIP provider are you using? Have you set your STUN server settings?
What about changing how the SIP provider authenticates, maybe from a specific WAN IP?

OP
Member
Joined: Aug 2002
Posts: 1,073 Likes: 1
Verizon Business SIP trunk. STUN 216.93.246.18. Haven't had good luck getting info from Verizon Business; it's like pulling teeth.
TCP 5060 forwarded to IPO. UDP 46750 - 50750 forwarded to IPO.
Outside party can hear us, but we (inside party) cannot hear outside caller.
I found an Avaya guide to integrating with the Verizon Business SIP trunk, but it depicts using a public IP on the LAN2, which is a problem.
Hacking continues.

Moderator-Avaya
Joined: May 2004
Posts: 1,665 Likes: 4
Turn off port forwarding. Set up STUN on LAN2.

OP
Member
Joined: Aug 2002
Posts: 1,073 Likes: 1
Yes, I have STUN on LAN2; port forwarding was done in our router/firewall attached to LAN2.
Any suggestions for a firewall?

Moderator-Avaya
Joined: May 2004
Posts: 1,665 Likes: 4
It is not the firewall. When STUN is set properly, you do not need any ports opened and forwarded.

Member
Joined: Mar 2014
Posts: 160
When you set up the port forwarding, could you set up the original IP address of the port forwarding to be the SIP server's IP?
So only requests from the SIP server would forward to the IPO, not from any other IPs, including any hacker's.
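
The source-restricted forward suggested in the last post, written as a pf.conf fragment (pf is the packet filter underneath pfSense). This is an added example, not part of the thread and not a Verizon or Avaya configuration: the interface name, the IPO address and the provider address are placeholders, and only the port numbers come from the thread.

```pf
# --- Macros (all three values are assumptions / placeholders) ---
ext_if = "em0"             # WAN-side interface of the firewall
ipo    = "192.168.42.1"    # IP Office LAN2 address behind the firewall

# Addresses the SIP provider signals and sends media from.
# 203.0.113.10 is a documentation address (RFC 5737); replace it with
# the list obtained from the provider.
table <sip_provider> const { 203.0.113.10 }

# --- Translation ---
# Weak form (what an unrestricted port forward amounts to): any host on
# the Internet reaches the IPO's SIP and RTP ports.
#   rdr on $ext_if inet proto tcp from any to ($ext_if) port 5060        -> $ipo
#   rdr on $ext_if inet proto udp from any to ($ext_if) port 46750:50750 -> $ipo

# Restricted form: only packets whose source is in <sip_provider> are
# redirected; everything else never reaches the IPO.
rdr on $ext_if inet proto tcp from <sip_provider> to ($ext_if) port 5060        -> $ipo
rdr on $ext_if inet proto udp from <sip_provider> to ($ext_if) port 46750:50750 -> $ipo

# --- Filtering ---
# Filter rules see the packet after translation, so they match on the
# IPO address. Blocked packets are logged so that scan and registration
# attempts from other sources show up in the firewall log.
block in log on $ext_if all
pass in quick on $ext_if inet proto tcp from <sip_provider> to $ipo port 5060 flags S/SA keep state
pass in quick on $ext_if inet proto udp from <sip_provider> to $ipo port 46750:50750 keep state
```

If the provider sends RTP from addresses other than its signalling server, those addresses have to be in the table as well, otherwise the inbound audio is dropped at the firewall.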