8 Replies Last post: Mar 20, 2010 12:15 PM by mparadis  
mparadis (95 posts since Oct 2, 2009)

Nov 18, 2009 11:32 AM

OpenSBC on ?


It's clear that opensbc works well with vyatta but I am wondering what other firewall it might work on/with.

In my case, I need nothing but SIP/RTP, I don't need the full functions of a firewall as all other services are provided through a different connection.

I don't know if opensbc can be installed and run safely on, say, just a standard CentOS server, for example, or if it relies on certain things which only a firewall such as vyatta offers.

Some insight on this would be most appreciated.

Thanks.

Mike

tayeb.meftah (5 posts since Nov 12, 2009)
1. Nov 18, 2009 3:29 PM in response to: mparadis
Re: OpenSBC on ?

Hi,

OpenSBC can be installed on Win32, Linux (including Debian/Ubuntu and CentOS) and other operating systems, like *BSD.

Also, I hope that OpenSBC can be ported to any ARM platform and Blackfin ;)

Enjoy OpenSBC, the reliable open source SBC/SIP proxy.

nate187 (27 posts since Sep 29, 2009)
4. Jan 19, 2010 12:14 PM in response to: mparadis
Re: OpenSBC on ?
Here are some basic rules you can use. You can make a file /etc/rc.d/rc.firewall and have /etc/rc.d/rc.local run it so it's loaded at boot.
This is pretty basic but better than no security at all, and you can do much, much more with iptables.

iptables -A INPUT -s 10.0.0.2 -j ACCEPT
This will allow everything from that address. Specify your own IP or network, so you can SSH to it, and specify your SIP proxies so it can receive SIP packets on the other ports like the backdoor, trunk, etc.

# Flush all Chains.
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
 
# Set default Policy for each Chain.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
 
# Rules
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -s 10.0.0.2 -j ACCEPT
iptables -A INPUT -p udp -m multiport --dports 6000:65534 -j ACCEPT
iptables -A INPUT -p udp -m multiport --dports 5060 -j ACCEPT

joegen (519 posts since Apr 28, 2007)
6. Jan 20, 2010 9:08 PM in response to: mparadis
Re: OpenSBC on ?

Gentlemen,

When you get something working, would you document your setup and post it in the docs area?

nate187 (27 posts since Sep 29, 2009)
7. Jan 21, 2010 9:04 AM in response to: mparadis
Re: OpenSBC on ?
For NAT you need something like this, where eth0 is the public and eth1 is the private:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
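
The rules from nate187's two posts, generated in iptables-restore format so that each table is applied in a single commit instead of one command at a time. This is an added example, not code from the thread: the function names and the rules.v4 file name are hypothetical, and the RELATED,ESTABLISHED rule on FORWARD is an addition, because with the FORWARD policy set to DROP the replies to NATed traffic would otherwise be dropped.

```shell
#!/bin/sh
# Added example: prints an iptables-restore rule set equivalent to the rules posted in this thread.
# All function names and the rules.v4 file name are hypothetical.
is_ipv4() {  # dotted quad with every octet in 0-255
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 1
    old=$IFS; IFS=.; set -- $1; IFS=$old
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}
is_port() { case $1 in ''|*[!0-9]*) return 1;; esac; [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }
is_ifname() { case $1 in ''|*[!A-Za-z0-9._-]*) return 1;; esac; }

# usage: sbc_ruleset TRUSTED_IP RTP_LOW RTP_HIGH [PUBLIC_IF PRIVATE_IF]
sbc_ruleset() {
    trusted=$1 rtp_lo=$2 rtp_hi=$3 pub=${4:-} priv=${5:-}
    is_ipv4 "$trusted" || { echo "bad address: $trusted" >&2; return 1; }
    { is_port "$rtp_lo" && is_port "$rtp_hi" && [ "$rtp_lo" -le "$rtp_hi" ]; } ||
        { echo "bad RTP port range" >&2; return 1; }
    if [ -n "$pub$priv" ]; then  # NAT requested: both names must be valid
        { is_ifname "$pub" && is_ifname "$priv"; } || { echo "bad interface name" >&2; return 1; }
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
-A INPUT -s $trusted -j ACCEPT
-A INPUT -p udp --dport $rtp_lo:$rtp_hi -j ACCEPT
-A INPUT -p udp --dport 5060 -j ACCEPT
EOF
    if [ -n "$pub" ]; then
        cat <<EOF
# Added rule: lets replies to forwarded traffic back in under the DROP policy.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $priv -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $pub -j MASQUERADE
COMMIT
EOF
    else
        echo COMMIT
    fi
}
# Load (as root): write to a file, parse-check, then apply; each table commits as one unit.
# sbc_ruleset 10.0.0.2 6000 65534 eth0 eth1 > rules.v4 &&
#   iptables-restore --test < rules.v4 && iptables-restore < rules.v4
```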