Netgate Discussion Forum

    UDP Security Problem

      rajith

      Hello,

      We have 2 pfsense firewalls on 2 sites (1 on either site). Site A has an Asterisk server with a public IP. Site B has an Asterisk server with a private IP NATed to a public IP. I needed to connect those Asterisk servers with the IAX protocol. But I haven't allowed the Asterisk servers to access each other through rules. (I have configured outgoing rules on both sides, but haven't configured incoming rules.) But surprisingly those 2 Asterisk servers can communicate with each other via IAX without any problem. I can see on the logs that the packets are getting blocked. I even specifically blocked each other. Yet they can access each other via IAX. But they can't ping each other.

      The pfsense version that I am using is 1.2 RELEASE. The IAX protocol communicates via UDP port 4569.

      I see this as a security bug in pfsense. I have been using pfsense for the last 2 years and it works very well.

      Hoping for a solution,

      Thanks,

      Rajith.

        Bern

        I don't think it's a bug; UDP is a connectionless protocol and allows hole punching:

        http://en.wikipedia.org/wiki/UDP_hole_punching

        I don't know enough about Asterisk to say if that's what's happening, but Skype definitely works this way and so does TeamViewer.

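Added example, not part of either post and not pfSense code: a simplified Python model of the hole-punching behaviour described in the reply above. It assumes both firewalls keep state for outbound UDP and that each Asterisk server sends IAX from source port 4569 as well as to it; the addresses and the `StatefulFirewall` class are constructed for illustration.

```python
# Simplified model of a stateful UDP filter (an assumption, not pf itself):
# an outbound packet that passes a rule creates a state entry, and an inbound
# packet is accepted only if it is the mirror image of an existing state.
IAX_PORT = 4569  # from the post: IAX uses UDP port 4569

class StatefulFirewall:
    def __init__(self, name, nat=None):
        self.name = name
        self.nat = nat or {}   # private IP -> public IP (constructed 1:1 NAT)
        self.states = set()    # (local_ip, local_port, remote_ip, remote_port)
        self.log = []          # (action, packet) for every inbound packet

    def outbound(self, src, sport, dst, dport):
        """Outbound rule passes the packet; record state, return it as seen on the wire."""
        pub = self.nat.get(src, src)
        self.states.add((pub, sport, dst, dport))
        return (pub, sport, dst, dport)

    def inbound(self, pkt):
        """No inbound pass rules: accept only packets matching an existing state."""
        src, sport, dst, dport = pkt
        ok = (dst, dport, src, sport) in self.states
        self.log.append(("pass" if ok else "block", pkt))
        return ok

def simulate():
    # Constructed documentation-range addresses, not values from the thread.
    a_ip, b_priv, b_pub = "198.51.100.10", "10.0.0.10", "203.0.113.20"
    fw_a = StatefulFirewall("site-A")
    fw_b = StatefulFirewall("site-B", nat={b_priv: b_pub})
    results = []
    # 1. A sends first: fw_a creates state, fw_b has none yet -> blocked and logged.
    results.append(fw_b.inbound(fw_a.outbound(a_ip, IAX_PORT, b_pub, IAX_PORT)))
    # 2. B sends: fw_b creates state; at fw_a the packet mirrors A's state -> passes.
    results.append(fw_a.inbound(fw_b.outbound(b_priv, IAX_PORT, a_ip, IAX_PORT)))
    # 3. A retransmits: fw_b now holds the state from step 2 -> passes.
    results.append(fw_b.inbound(fw_a.outbound(a_ip, IAX_PORT, b_pub, IAX_PORT)))
    return results, fw_b.log

if __name__ == "__main__":
    passed, log_b = simulate()
    print(passed)
    for entry in log_b:
        print(entry)
```

In this model the first inbound packet is blocked and logged while later traffic passes, and a peer sending from any source port other than 4569 never matches the state.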
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.