Lonnie,
Due to a more complex WAN I have to keep a firewall in front. I am running
AstLinux in an Alix box and the alix box wont be able to handle the WAN pipe
of 100/50
Sorry about the "/" that was a tipo.
ok so I fixed some of the rules and here is what it looks like now:
Pass EXT->Local TCP 10.30.2.0/24 22
Comment: Allow ssh from external
+ Pass EXT->Local TCP 10.30.2.0/24 443
Comment: Allow https from Ext
+ Pass EXT->Local UDP 209.62.1.2 10000-10100
Comment: houston.voip.ms RST
+ Pass EXT->Local UDP 209.62.1.2 4569
Comment: houston.voip.ms IAX2
+ Pass EXT->Local UDP 209.62.1.2 5060
Comment: houston.voip.ms SIP
+ Pass EXT->Local UDP 76.31.169.54 10000-10100
Comment: Allow all RST
+ Pass EXT->Local UDP 76.31.169.54 4569
Comment: Allow IAX2
+ Pass EXT->Local UDP 76.31.169.54 5060
Comment: Allow all SIP
My firewall "pfsense" has all of the port forward it as well.
I am using IAX2 to try and circumvent the nat issues I have faced. I have
been successful at getting the trunk online and register as well as to make
outbound calls but the issue I have been facing for some time now is that
the end user can hear me but I can not hear them. This should be simple
using IAX2 since it uses 1 port only... But it has not been the case for me.
Any ideas that can shed me some light?
TIA!
On Tue, Sep 20, 2011 at 12:59 PM, Lonnie Abelbeck <li...@lonnie.abelbeck.com
> wrote:
> Hi Fernando,
>
> Currently AstLinux does not support "nagios", though "zabbix" is similar
> and is included by default in AstLinux.
>
> For your Firewall settings, I see some possible issues.
> 1) what is the backslash doing in the ports?, ie 22\22, why not just 22 and
> 10000-101000
>
> 2) If AstLinux is behind NAT via another router, all the ports you are
> allowing in AstLinux must also be NAT-Forwarded on your external firewall to
> the internal IP of your AstLinux box.
>
> 2b) In addition, the source address range (10.30.2.0/24) is probably not
> correct, if NAT-Forwarded via your external firewall the source address will
> be the original public address for the remote client.
>
> 2c) Placing asterisk behind NAT can work, though tricky. I personally have
> AstLinux as my edge router so no NAT is involved.
>
> Lonnie
>
>
>
> On Sep 20, 2011, at 12:24 PM, Fernando Fuentes wrote:
>
> > Hello all.
> >
> > Just wanted to see if is possible to load nrpev2 in astlinux? I am trying
> to monitor space, process, users, uptime with nagios.
> >
> > Second question is that I have my sip peers been monitor and they show
> off line. Though I can make calls just fine asterisk think they are off
> line.
> >
> > Here are my firewall rules just in case:
> >
> > Note: the Ext port is behind a nated firewall.
> >
> > + Pass EXT->Local TCP 10.30.2.0/24 22\22
> > Comment: Allow ssh from external
> > + Pass EXT->Local TCP 10.30.2.0/24 443\443
> > Comment: Allow https from Ext
> > + Pass EXT->Local UDP 10.30.2.0/24 10000\10100
> > Comment: Allow all internal RST
> > + Pass EXT->Local UDP 10.30.2.0/24 4569
> > Comment: Internal IAX2
> > + Pass EXT->Local UDP 10.30.2.0/24 5060\5060
> > Comment: Allow all internal SIP
> > + Pass EXT->Local UDP voipservice 10000\10100
> > Comment: houston.voip.ms RST
> > + Pass EXT->Local UDP voipservice 4569
> > Comment: houston.voip.ms IAX2
> > + Pass EXT->Local UDP voipservice 5060\5060
> > Comment: houston.voip.ms SIP
> >
> ------------------------------------------------------------------------------
>
>
>
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure contains a
> definitive record of customers, application performance, security
> threats, fraudulent activity and more. Splunk takes this data and makes
> sense of it. Business sense. IT sense. Common sense.
> http://p.sf.net/sfu/splunk-d2dcopy1
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
>
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
