@ray123 wrote:
I know this has been asked before many times but all posts say close port 5060 to the external world. Would that not also block the trunk as well?
I was having a problem with SIP connection attempts from RIPE ip blocks, and I entered all the relevant IP blocks I can find in to the Blacklist in the Firewall GUI. However when running Tshark I see there still being registration attempts from those IP blocks.
89.163.140.244 -> 192.168.1.110 SIP/SDP 834 Request: INVITE sip:011442038071964@192.168.1.110:5060 | , with session description
1680.118175 192.168.1.161 -> 192.168.1.110 CLASSIC-STUN 64 Message: Binding Request
1684.487889 192.168.1.110 -> 192.168.1.161 SIP 594 Request: OPTIONS sip:206@192.168.1.161:5060 |
1684.500339 192.168.1.161 -> 192.168.1.110 SIP 495 Status: 200 OK |
1685.949753 192.168.1.163 -> 192.168.1.110 CLASSIC-STUN 64 Message: Binding Request
1695.948912 192.168.1.163 -> 192.168.1.110 CLASSIC-STUN 64 Message: Binding Request
1700.073956 192.168.1.161 -> 192.168.1.110 CLASSIC-STUN 64 Message: Binding Request
1705.948929 192.168.1.163 -> 192.168.1.110 CLASSIC-STUN 64 Message: Binding RequestSecondly, under Intrusion Detection I do not see those ip addresses being banned.
Is there something wrong with my config then?
Posts: 1
Participants: 1