32 • Confi guration
[ S N O M 4 S N A T F I L T E R ]
For http and https, you need to know the port numbers when you
want to log in. We recommend not using the standard ports. Operating a
server on the public internet usually leads to a lot of denial of service at-
tacks on the standard ports.
For sip, you must decide if you want to run the server on a stand-
ard port or a random port.
Standard Port Random Port
• User Agents that don’t
support DNS SRV can
automatically find the server
• SIP-aware firewalls
automatically take care
about user agents behind
NAT
• Buggy SIP-aware firewalls
don’t introduce new
problems by modifying SIP
packets
• Less dangerous for DoS
attacks
• Several SIP services can be
run on the same host
The decision depends on the situation. If you plan to use a good
SIP firewall, you should choose the standard port. Otherwise we would
tend to recommend a random port. Non NAT-aware user agents usually
must be configured manually anyway; in this case you can also provide a
port number.
The port for secure sip (sips) is usually 5061. The decision which
port to use is similar to the decision for the SIP port. We recommend using
a random port and publising the port number using DNS SRV.
In some situations when you have several IP addresses you want
to limit the bindings to a specific IP address. You can do this by selecting
the appropriate address from the pull down menu. If you choose „Default
Address“, the server will bind to all available addresses. If you select
„Public Address“, the server will select a public address; if you select „Pri
-
vate Address“, the server will select a private address.
4.