Vitelity

http://www.vitelity.com/

Vitelity is a wholesale IP telecommunications provider and we are their local agent:

• SIP Trunking
• vFAX
• International DIDs

To audit your vFax usage/billing, you would:

User Portal → Billing → Invoice → vFax → <account>

VoIP Servers:

64.2.142.0/24
66.241.96.0/24
66.241.97.0/24
66.241.99.0/24
66.241.107.0/24
66.241.109.0/24
66.241.111.0/24
140.239.143.0/24
207.166.136.0/24
207.166.137.0/24
207.166.138.0/24

Our normal method for firewalling PBXs is:

1. Locate the PBX behind your primary NAT firewall
2. Permit all outbound traffic
   • Only because it's easy
3. Permit no inbound traffic
   • Other than the next items
4. Forward voice traffic in to the PBX
   • Destination NAT (DNAT)
   • All forwarded port ranges are UDP
   • 5060-5061 for SIP and SIPS
   • 10000-20000 for RTP
5. Limit the port forwarding rules by source-address-list
   • Create an address list
   • Add all Vitelity IP addresses
   • Add fixed IP addresses of any remote extensions
   • Only forward the ports if the traffic comes from trusted partners
6. Make sure that forwarded traffic is permitted
   • Mikrotik RouterOS devices do this automatically with the forwarding rules

/ip firewall address-list
add address=64.2.142.0/24 comment="Vitelity Voice Servers" list=vitelity
add address=66.241.96.0/24 list=vitelity
add address=66.241.97.0/24 list=vitelity
add address=66.241.99.0/24 list=vitelity
add address=66.241.107.0/24 list=vitelity
add address=66.241.109.0/24 list=vitelity
add address=66.241.111.0/24 list=vitelity
add address=140.239.143.0/24 list=vitelity
add address=207.166.136.0/24 list=vitelity
add address=207.166.137.0/24 list=vitelity
add address=207.166.138.0/24 list=vitelity

vim /etc/sysconfig/iptables

# Allow INTERNAL connections to SIP and IAX signalling ports
-A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 5060,4569 -s 192.168.30.0/24 
# Allow SIP PROVIDER connections to SIP and IAX signalling ports
-A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 5060,4569 -s 64.2.142.0/24
-A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 5060,4569 -s 66.241.96.0/24
-A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 5060,4569 -s 66.241.97.0/24
-A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 5060,4569 -s 66.241.99.0/24
-A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 5060,4569 -s 66.241.107.0/24 
-A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 5060,4569 -s 66.241.109.0/24
-A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 5060,4569 -s 66.241.111.0/24
-A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 5060,4569 -s 140.239.143.0/24
-A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 5060,4569 -s 207.166.136.0/24
-A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 5060,4569 -s 207.166.137.0/24
-A INPUT -p udp -m udp -m multiport -j ACCEPT --dports 5060,4569 -s 207.166.138.0/24
# Allow connections to RTP ports
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

There is a configurable cap to limit calls to expensive international destinations. This is done to limit exposure to abuse.

1. Click on Settings
2. Click on International
3. Choose the desired amount

To view current International rates click the View Rates button to download the CSV for all or enter the countries numerical calling code.

https://community.freepbx.org/t/i-finally-gave-up-chan-sip-for-chan-pjsip-and-it-was-fine/61772/5