Inbound and Outbound SIP trunk help

This is becoming an even bigger mystery how it’s even working. So I have two firewall rules. One for the outbound ports and one for the inbound port forwarding to the PBX local IP address. Even if I disable the inbound port completely, the external Gradwell calls still seem to come through. It’s only by disabling outbound on those ports that it stops coming through. So this has got me thinking regarding my other thread, whitelisting their IP addresses for internal traffic doesn’t seem to be making any difference anyway. It is blocking all the other unwanted SIP attempts though.

The question is, how is this even working? How are the calls able to make it through? The one thing that makes a difference and makes incoming and outgoing calls completely stop is if I change the Asterisk SIP Settings IP address from Static to Public. It only works on Static with the external IP defined. So this has something to do with it too.

I think we need the logs with the protocol logging enabled, to understand what is happening.

Which log files should I be sharing? There’s fail2ban, full, queue and debug, but debug seems to be empty.

It definitely isn’t using the inbound firewall rule because if I disable the outbound firewall rule allowing outbound traffic then the calls stop coming through. The inbound one isn’t making any difference to it. It’s making me wonder, could it be registering with Gradwell SIP and somehow able to know how to receive the call?

I remember having a sipgate account on here a while back and that didn’t need any inbound ports, it just needed outbound 5060 TCP and UDP and it would just work. So this is reminding me of that.

Just had a look at the SIP peers section where all my VoIP phones are showing registered. At the bottom of the page I see Gradwell with these details:

Host: 195.74.60.150
Forcerport: YES
Comedia: YES
Port: 5060

So it seems like Gradwell is registering.

Full log, with “sip set debug on” issued to the CLI.

Gradwell doesn’t use registration.

I just locked myself out of remote access accidentally on the firewall :blush: and I’m back to work in a week lol. Going to have to report back with the logs when I return lol.

In theory, if I left AllowGuest ON and the inbound firewall rule is only allowing the Gradwell IPs for the following ports:

5060 TCP
5060-5061 UDP
10000-20000 (UDP)

When I tested this, none of the junk requests were making it to the PBX on the User Panel logs, so essentially the firewall is doing what the AllowGuests off was doing. So that’s why I’m thinking leaving it on may just be the safer option to make sure the Gradwell routing always works.
