Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-18741

Firewall doesn't white list match field entries from PJSIP trunk

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 14
    • Fix Version/s: None
    • Component/s: Firewall
    • Labels:
      None
    • ToDo:

      Description

      I saw a case today, where the customer had defined a pjsip trunk, and populated the "Match" field on the pjsip trunk advanced tab with a range of IPs that SIP signalling could originate from. Upon checking the iptables config generated by firewall for this trunk, you could see that the trunk host IP was added to the "fpbxsmarthosts" zone, but did not see any of the entries from the trunk "Match" field added to the iptables config. In practice, this meant that a fraction of inbound calls failed, as the INVITE was not originating from the same IP as the trunk host.

      The work around was to add the same values from the trunk "Match" field to the Firewall networks tab 'trusted' zone so that inbound SIP signalling from those hosts is allowed. I did note that enabling responsive also allowed calls to work, but opted not to do that as I assumed that inbound invites without a corresponding registration would cause the IP to be blocked.

      I've marked this as a bug because its serious enough to affect trunk usage, but probably could be considered a feature request.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                lgaetz Lorne Gaetz
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:

                  NextupJiraPlusStatus

                  Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.