How to open UDP port 5060 in iptables?


Using FreePBX with Asterisk and Orgasmatron52

I have a D-Link dir-655 router/firewall that has all the configurations set up for port forwarding on UDP port 5060. This is for a new SIP trunk that will use UDP port 5060 in FreeePBX.

The problem is that the port is not open on the servier side and can be verified by using the Open Port Check URL.

I checked the iptables process and do not see port 5060 as allowing incoming or outgoing packets.

I do not see a UPD rules setup for port 5060 in the iptables configuration setup located in /var/pbx_load16/iptables file that was generated by iptables-save.

Two questions:

  1. What configuration file is being used by iptable-save to load all the port access rules? I would like to add UDP port access for 5060 here if that is the appropriate place to make changes to iptables.

  2. What is the entry to setup UDP access for port 5060?

Here is a snippit that I wa able to locate on the CentOS website that gives an example of passing bittorrent packets.

Accept tcp packets on destination port 6881 (bittorrent)

iptables -A INPUT -p tcp --dport 6881 -j ACCEPT

So, would the entry for incomming packets it would be something like this? :

Accept udp packets on destination port 5060 (SIP trunk)

iptables -A INPUT -p udp --dport 5060 -j ACCEPT

Whould a corresponding entry have to be created for out bound packets from UDP port 5060?

tcp packets on destination port 5060 (SIP trunk)

iptables -P OUTPUT -p udp --dport 5060 -j ACCEPT

Any help will be much appreciated and thanks for your help.

I would check the Linux Firewall available through Webmin. The first time you use Linux Firewall, it will be located in Webmin - Unused. Then, after you use it, it automatically gets moved to Webmin - Networking section.

I setup the following rules for SIP and RTP traffic.

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

THanks very much for this information! Just what I’m looking for.