Switchvox - Does it have a firewall?

Posted on 2009-12-18
Last Modified: 2013-12-21

  One of my clients has been looking into Switchvox, for use with SIP.  Because some phones would be connecting across the WAN, I would like to put the Switchvox on a public static address.  From what I am being told, there is no way for me to access the firewall functions of the underlying Linux distro.  

Is there a way for me to close and open ports on the nic of the Switchvox?  I would like to only open the standard 5060 ; 10000-2000 ; and possibly a couple non standard ports, but keep everything else closed.

I find it hard to believe that there is no way to do this, which forces you to put the device behind a NAT, which SIP does not work well with.  Seems very illogical.
Question by:jkockler
    LVL 39

    Assisted Solution

    well have you tried with nmap if there are any other ports open?

    If no one is listening on another port then the attack surface doesn't change, firewall or not.
    LVL 7

    Expert Comment

    Here's a post which does describe a way to get to the root console on the system, but it's really designed to be an appliance with all configuration via the web interface.

    If you find that you're unable to do this with switchvox, the AstLinux project has a nice setup with full firewall and several vpn options.  It would be preferable to set up Snom phones which have OpenVPN capabilities to having open sip ports.  We include the Asterisk-gui (2.0) as well as a basic web interface to access firewall and other system settings.  We're close to our next release so I would suggest getting on the mailing list before installing the available install files from the Sourceforge site.
    LVL 4

    Author Comment

    Does AstLinux have a dialer option?  If so, is there a way to run the dialer with allowguest=no ?
    LVL 7

    Expert Comment

    AstLinux is very basic compared to Switchvox.  You would need to use a 3rd party application that can interface with a generic Asterisk install.  There are several out there.  Switchvox is a very nice packaged system.  Astlinux is designed to be used by someone who needs and wants more under the hood control.  It's not for everyone, but if you are willing to dig under the hood and learn some of the underlying components, it should serve you well.  It's also designed to run on embedded type hardware making it less prone to hardware failure.
    LVL 4

    Author Comment

    cool.  Normally I just run straight asterisk, but the switchvox was something a client of mine purchased and wants me to support.  Fine with me!  lol ...
    LVL 32

    Accepted Solution

    I have your answer. We've deployed many switchvoxes.>  From what I am being told, there is no way for me to access the firewall functions of the underlying Linux distro.  That is 100% correct. There is no shell access and no access from the GUI. >FirewallThe distro is hardened and does not list have any extraneous services running on ports that would make it susceptible to attack from the outside. You can drop it on a public IP address with no worries.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Suggested Solutions

    So you think no one can listen in on your VOIP conversations, eh? Well... if you haven't setup Secure Real Time Transport (SRTP), your voice communications can be hacked into by just about anyone! First, let's talk about the intended audience for…
    How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
    Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
    Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now