Hello,
I was reviewing my asterisk log and found a connection attempt from an unexpected peer.
I found the attempt in the astaro log as follows -
2010:05:24-05:24:24 brk ulogd[3437]: id="2016" severity="info" sys="SecureNet" sub="packetfilter" name="SIP call RTP" action="SIP call RTP" fwrule="60018" seq="0" initf="ppp0" outitf="eth0" srcip="188.138.56
.109" dstip="192.168.1.60" proto="17" length="442" tos="0x00" prec="0x00" ttl="52" srcport="5076" dstport="5060"
2010:05:24-05:24:26 brk ulogd[3437]: id="2016" severity="info" sys="SecureNet" sub="packetfilter" name="SIP call RTP" action="SIP call RTP" fwrule="60018" seq="0" initf="ppp0" outitf="eth0" srcip="188.138.56
.109" dstip="192.168.1.60" proto="17" length="459" tos="0x00" prec="0x00" ttl="52" srcport="5065" dstport="5060"
What I don't understand is why this packet would get through? I have sip enabled, but have a specific server list and the above IP address isn't on the allowed list.
How can I debug why this happened? I don't see any other reference to that srcip address anywhere else in the logs. Also, is there any logging of the network definitions when they are resolved?
This thread was automatically locked due to age.
