How to use a custom port for a SIP trunk

This is kind of a continuation of my earlier SIP trunk post, but I really need some help understanding the bigger picture with Asterisk FreePBX and SIP ports.

The reason for the confusion is this. Here's what I've learned:

  • Asterisk can only bind to one port for SIP

But! How is it that I have extensions on different ports, then? For example, using OpenVPN to a remote office there is NAT going on, because the OpenVPN client connects multiple phones from the address 10.8.0.2. I learned that they can't all use 5060; they each need a different port so that Asterisk can talk SIP to each phone. So I have one phone on 5060, another on 5160, 5260, etc.

The same thing happened when I had an internal SIP trunk to a PSTN gateway with multiple FXO ports. The voice gateway is 10.1.1.20, but I have several SIP trunks connecting from it using 5060, 5160, 5260, etc. to connect to different FXO ports.

Okay, all makes sense to me.

So why is it a problem when I get a SIP trunk provider now and want a custom SIP port instead of 5060, say 9191? So I forward 9191 to my PBX, but the PBX refuses to accept SIP on that port even though I put port=9191 in the trunk config.

Can someone clear this up so I can understand?

The provider tells me that it's safe to leave 5060 open and I just need to harden the PBX. If my secrets are not rockyou.lst (massive password list) crackable, am I fairly "safe", or are there other things to worry about besides secrets getting cracked? Is there a risk of DDoS from all the password crack attempts that could happen if 5060 is left open?