Firewall - changes in ip address and user in the "to" field

can my freePBX firewall rewrite the “to” field? Today I saw in the “to” header the ip address And I see wrong addresses when phone numbers end with 1.

I want to make sure if this is the fault of the asterisk or the other side it is connected to.

Then you saw a SIP scan. You cannot rewrite the To header. Why do you think you would need to do that?

No, I just wonder if some software on my asterisk machine can rewrite the “To” header.

I don’t understand your post. Did you see this in the Asterisk log? With tcpdump? In the log of another device? Are these packets going to the PBX, sent from the PBX, or both? Are they related to authorized incoming calls, outgoing calls, or unwanted traffic (attacks or bugs)?

The FreePBX firewall does not (intentionally) alter any packets. It either lets them pass or drops them.

Captures with tcpdump or similar are directly on the NIC (before the firewall for incoming packets; after the firewall for outgoing). Entries in the Asterisk log are obviously after the firewall for incoming; before for outgoing.

If your system has a hardware router/firewall with a SIP ALG, a bug there could easily cause the symptoms you are observing. If the PBX is on a VM set up for other than ‘bridged’ networking, the virtualization platform might be responsible, though that is unlikely.

Yes, the tcp dump showed incorrect “to” headers. These are the logs taken from FreePBX, but I cannot see the logs of the peer.
So, than means my freepbx cannot mess headers. Thank you.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.