Fasthosts blocks server to server traffic – anyone know why?

I had a customer yesterday that was trying to set up Asterisk on a Fasthosts dedicated server. This was working well apart from inbound calls from a specific DID/DDI provider. It turned out that the call provider was also using a Fasthosts dedicated server and that traffic between Fasthosts dedicated servers is blocked (although some basic ports are allowed – 22,25,53 and 80 just to confuse things even more!).

This meant that the SIP traffic going from the call provider to the customers Asterisk server was being blocked.

Fasthosts helpdesk confirmed that this is the case and the usual solution suggested is to set up a private LAN between the 2 servers. However this is only possible where both servers are owned by the same customer, which is obviously not the case here.

Does anyone know the reason for this policy? This is the second customer I’ve seen in the past few months where this has caused an issue. I can’t think of a logical reason. Thanks!

6 thoughts on “Fasthosts blocks server to server traffic – anyone know why?

  1. Michael Findlay

    Hello Matt,

    The reason for this is security, as you can understand with server to server traffic it only takes a single Administrator of the server to not secure their box and it become compromised to cause problems for other customers on the network.

    It is for this reason and the peace of mind of customers that we ensure the ports above allowed to communicate ensuring that we prevent as many problems as possible.

    If you did need to send this traffic to that server you could tunnel the connection using SSH between the two servers.

    Michael

  2. matt Post author

    Hi Michael

    Thanks for taking the time to reply.

    I understand adding security measures is a good idea, however it’s definitely caused some issues for some of your customers.

    This particular VOIP call provided is inaccessible to any of your customers due to SIP port 5060 being blocked.

    It’s not possible to set up any sort of tunneling between the 2 servers as they are owned and run by 2 different companies (yes, technically possible but not practically)

    Cheers Matt

  3. matt Post author

    Hi Michael,

    The customer had to use an additional server outside of the Fasthosts network to bounce the traffic out and back in again. Obviously not ideal and would prevent them taking an additional server from Fasthosts.

  4. Michael Findlay

    Hello Matt,

    In this case I can fully understand why this would be a problem, if the servers are in all the same account then you can use the private lan service, but it is a problem if the servers are in two separate accounts. If you contact me via e-mail I will certinally request the addition of third party accounts to be added to the private lan service.

    If you send the details to [email protected] and I will ensure I log this as I have been looking at how we can improve this.

    Kind regards,

    Michael

  5. Steve

    We’re also running a VoIP service on fasthosts and I’ve just heard about this. Has this ever been resolved?

Comments are closed.