Switchvox - Does it have a firewall?

Hello,

  One of my clients has been looking into Switchvox, for use with SIP.  Because some phones would be connecting across the WAN, I would like to put the Switchvox on a public static address.  From what I am being told, there is no way for me to access the firewall functions of the underlying Linux distro.  

Is there a way for me to close and open ports on the nic of the Switchvox?  I would like to only open the standard 5060 ; 10000-2000 ; and possibly a couple non standard ports, but keep everything else closed.

I find it hard to believe that there is no way to do this, which forces you to put the device behind a NAT, which SIP does not work well with.  Seems very illogical.
LVL 4
jkocklerAsked:
Who is Participating?
 
DrDamnitConnect With a Mentor Commented:
I have your answer. We've deployed many switchvoxes.>  From what I am being told, there is no way for me to access the firewall functions of the underlying Linux distro.  That is 100% correct. There is no shell access and no access from the GUI. >FirewallThe distro is hardened and does not list have any extraneous services running on ports that would make it susceptible to attack from the outside. You can drop it on a public IP address with no worries.
0
 
nociConnect With a Mentor Software EngineerCommented:
well have you tried with nmap if there are any other ports open?

If no one is listening on another port then the attack surface doesn't change, firewall or not.
http://nmap.org/
0
 
darrickhartmanCommented:
Here's a post which does describe a way to get to the root console on the system, but it's really designed to be an appliance with all configuration via the web interface.

http://www.mail-archive.com/asterisk-users@lists.digium.com/msg199927.html

If you find that you're unable to do this with switchvox, the AstLinux project has a nice setup with full firewall and several vpn options.  It would be preferable to set up Snom phones which have OpenVPN capabilities to having open sip ports.

http://www.astlinux.org  We include the Asterisk-gui (2.0) as well as a basic web interface to access firewall and other system settings.  We're close to our next release so I would suggest getting on the mailing list before installing the available install files from the Sourceforge site.
0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

 
jkocklerAuthor Commented:
Does AstLinux have a dialer option?  If so, is there a way to run the dialer with allowguest=no ?
0
 
darrickhartmanCommented:
AstLinux is very basic compared to Switchvox.  You would need to use a 3rd party application that can interface with a generic Asterisk install.  There are several out there.  Switchvox is a very nice packaged system.  Astlinux is designed to be used by someone who needs and wants more under the hood control.  It's not for everyone, but if you are willing to dig under the hood and learn some of the underlying components, it should serve you well.  It's also designed to run on embedded type hardware making it less prone to hardware failure.
0
 
jkocklerAuthor Commented:
cool.  Normally I just run straight asterisk, but the switchvox was something a client of mine purchased and wants me to support.  Fine with me!  lol ...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.