I need the IPs or FQDN for SIPStation so I can whitelist and forward in my firewall. I couldn't find them on the wiki.
I believe that calls come from trunk1.freepbx.com [18.104.22.168] and trunk2.freepbx.com [22.214.171.124].
Confirm (from existing logs or by making a few test calls) that you are not seeing calls from elsewhere, then set your firewall accordingly.
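One way to do the log check suggested in the reply above, as an added example that is not part of the original thread. It assumes the firewall logs inbound packets in the Linux netfilter `LOG` format; the `SIP-IN` prefix, the sample lines and the default SIP ports 5060/5061 are constructed assumptions, and the two trunk addresses are the ones quoted in the reply.

```python
import re
from collections import Counter

# Trunk addresses as quoted in the reply above (confirm against DNS before use).
TRUNK_IPS = {"18.104.22.168", "22.214.171.124"}
SIP_PORTS = {5060, 5061}  # assumption: default SIP signalling ports

# Constructed sample lines in the netfilter LOG format; not real traffic.
SAMPLE_LOG = """\
Jan 10 09:01:02 pbx kernel: SIP-IN IN=eth0 OUT= SRC=18.104.22.168 DST=192.0.2.10 LEN=560 PROTO=UDP SPT=5060 DPT=5060
Jan 10 09:01:40 pbx kernel: SIP-IN IN=eth0 OUT= SRC=22.214.171.124 DST=192.0.2.10 LEN=548 PROTO=UDP SPT=5060 DPT=5060
Jan 10 09:03:11 pbx kernel: SIP-IN IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 LEN=412 PROTO=UDP SPT=5093 DPT=5060
Jan 10 09:03:12 pbx kernel: SIP-IN IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 LEN=412 PROTO=UDP SPT=5093 DPT=5060
Jan 10 09:04:00 pbx kernel: SIP-IN IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40112 DPT=22
"""

# Only the source address and destination port are needed for this check.
FIELD = re.compile(r"\b(SRC|DPT)=(\S+)")


def unexpected_sip_sources(log_text, allowed=TRUNK_IPS, ports=SIP_PORTS):
    """Count inbound SIP packets per source IP that is not an allowed trunk."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if not {"SRC", "DPT"} <= fields.keys():
            continue  # not a packet line, or a protocol without ports (e.g. ICMP)
        if not fields["DPT"].isdigit() or int(fields["DPT"]) not in ports:
            continue  # traffic to a non-SIP port is out of scope here
        if fields["SRC"] not in allowed:
            hits[fields["SRC"]] += 1
    return hits


if __name__ == "__main__":
    for ip, count in unexpected_sip_sources(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} packet(s) to a SIP port, not a known trunk")
```

An empty result over a representative period supports restricting inbound SIP to the two trunk addresses; any other source should be identified before the rule is tightened.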
What about the non-trunk IP addresses, for example when it connects to the store or when it checks if your IP address has changed and sends you notifications via email?
Sorry, I was assuming that your firewall allowed all outbound connections. While it’s conceivable that Asterisk or FreePBX has a vulnerability that allows an attacker to read and execute data from an external source (that could be blocked by a firewall with outbound restrictions), IMO it is very unlikely.
If you need that level of security, I recommend an SBC in front of the PBX.
If you still want to impose whitelist-based outbound restrictions, be aware there are many requests that you need to allow (DNS lookups, NTP requests, OS updates, multiple module repositories, etc.). It’s hard to know that you have found them all. For example, you may have whitelisted your SMTP server but forgotten the failover server.
It keeps saying our IP changed. We have a primary ISP and a failover ISP, and it keeps switching between the two even though Asterisk has only our primary, so I need to look at the firewall to see what it's pinging from so I can add that IP to our SNAT so it only uses our primary unless we need to route everything through our failover ISP line.
Or, what would be easier, to know what port it uses so I can add that to the SNAT so it's not picked up by another rule in the FW that uses another ISP line.