Fernando, Yes, "nat=no" is proper for your local SIP client case (also "canreinvite=no") in sip.conf. You can leave "nat=yes" in the [general] section since the local context values will override it. Of course your SIP client should have NAT disabled as well.
Understand that your SIP client is not NAT'ed when talking with the SIP server (Asterisk), then the call is transcoded to/from IAX2 for the public leg. Should you ever add a public SIP endpoint, that context would be "nat=yes", but with "canreinvite=no" Asterisk will always be in the media path so it should work. Also set in sip.conf -- externip=1.2.3.4 ; Replace with pfsense public IP WAN address localnet=10.30.2.0/255.255.255.0 -- this isn't needed without a public SIP endpoint, but good practice for this type of setup. One-way audio is often NAT mismatch issues with SIP. Lonnie On Sep 20, 2011, at 2:48 PM, Fernando Fuentes wrote: > Lonnie, > > The sip clients are in the same subnet as the 10.30.2.0/24 > nat=yes is set on my general and individually in each ext. > Does it need to be "nat=no"? > Mhhhhh > > let me make a diagram here on how I have the astlinux setup > > [WAN]----[-pfsense 10.30.2.0/24-]-----[SWITCH]---------[-AstLinux Ext Port @ > 10.30.2.52-] > | > | > [sip client 10.30.2.51] > Thank You, > > > On Tue, Sep 20, 2011 at 2:26 PM, Lonnie Abelbeck <li...@lonnie.abelbeck.com> > wrote: > Fernando, > > So your SIP clients are all local? Are the SIP clients on the same > 10.30.2.0/24 subnet as your AstLinux box or on a different subnet behind the > AstLinux box? > > Is "nat=no" defined for all your sip.conf context's? Or at least defined in > the [general] context. > > Lonnie > > > On Sep 20, 2011, at 1:59 PM, Fernando Fuentes wrote: > > > Lonnie, > > > > I guess I am regarding question number two. I am still having issues > > hearing the other side. They can here me but I cant hear them and my sip > > clients still show offline though I can still make calls and they can here > > me I just can here them and I cant seem to narrow the problem down. I am > > using IAX2 for the provider and sip for the extensions. > > > > On Tue, Sep 20, 2011 at 1:44 PM, Lonnie Abelbeck > > <li...@lonnie.abelbeck.com> wrote: > > That looks better, so you are good? > > > > Lonnie > > > > On Sep 20, 2011, at 1:29 PM, Fernando Fuentes wrote: > > > > > Well there it goes my IP. lol that was stupid. > > > > > > On Tue, Sep 20, 2011 at 1:29 PM, Fernando Fuentes > > > <digitaldis...@gmail.com> wrote: > > > Lonnie, > > > > > > Due to a more complex WAN I have to keep a firewall in front. I am > > > running AstLinux in an Alix box and the alix box wont be able to handle > > > the WAN pipe of 100/50 > > > > > > Sorry about the "/" that was a tipo. > > > > > > ok so I fixed some of the rules and here is what it looks like now: > > > > > > Pass EXT->Local TCP 10.30.2.0/24 22 > > > Comment: Allow ssh from external > > > + Pass EXT->Local TCP 10.30.2.0/24 443 > > > Comment: Allow https from Ext > > > + Pass EXT->Local UDP 209.62.1.2 10000-10100 > > > Comment: houston.voip.ms RST > > > + Pass EXT->Local UDP 209.62.1.2 4569 > > > Comment: houston.voip.ms IAX2 > > > + Pass EXT->Local UDP 209.62.1.2 5060 > > > Comment: houston.voip.ms SIP > > > + Pass EXT->Local UDP 76.31.169.54 10000-10100 > > > Comment: Allow all RST > > > + Pass EXT->Local UDP 76.31.169.54 4569 > > > Comment: Allow IAX2 > > > + Pass EXT->Local UDP 76.31.169.54 5060 > > > Comment: Allow all SIP > > > > > > My firewall "pfsense" has all of the port forward it as well. > > > > > > I am using IAX2 to try and circumvent the nat issues I have faced. I have > > > been successful at getting the trunk online and register as well as to > > > make outbound calls but the issue I have been facing for some time now is > > > that the end user can hear me but I can not hear them. This should be > > > simple using IAX2 since it uses 1 port only... But it has not been the > > > case for me. > > > > > > Any ideas that can shed me some light? > > > > > > TIA! > > > > > > On Tue, Sep 20, 2011 at 12:59 PM, Lonnie Abelbeck > > > <li...@lonnie.abelbeck.com> wrote: > > > Hi Fernando, > > > > > > Currently AstLinux does not support "nagios", though "zabbix" is similar > > > and is included by default in AstLinux. > > > > > > For your Firewall settings, I see some possible issues. > > > 1) what is the backslash doing in the ports?, ie 22\22, why not just 22 > > > and 10000-101000 > > > > > > 2) If AstLinux is behind NAT via another router, all the ports you are > > > allowing in AstLinux must also be NAT-Forwarded on your external firewall > > > to the internal IP of your AstLinux box. > > > > > > 2b) In addition, the source address range (10.30.2.0/24) is probably not > > > correct, if NAT-Forwarded via your external firewall the source address > > > will be the original public address for the remote client. > > > > > > 2c) Placing asterisk behind NAT can work, though tricky. I personally > > > have AstLinux as my edge router so no NAT is involved. > > > > > > Lonnie > > > > > > > > > > > > On Sep 20, 2011, at 12:24 PM, Fernando Fuentes wrote: > > > > > > > Hello all. > > > > > > > > Just wanted to see if is possible to load nrpev2 in astlinux? I am > > > > trying to monitor space, process, users, uptime with nagios. > > > > > > > > Second question is that I have my sip peers been monitor and they show > > > > off line. Though I can make calls just fine asterisk think they are off > > > > line. > > > > > > > > Here are my firewall rules just in case: > > > > > > > > Note: the Ext port is behind a nated firewall. > > > > > > > > + Pass EXT->Local TCP 10.30.2.0/24 22\22 > > > > Comment: Allow ssh from external > > > > + Pass EXT->Local TCP 10.30.2.0/24 443\443 > > > > Comment: Allow https from Ext > > > > + Pass EXT->Local UDP 10.30.2.0/24 10000\10100 > > > > Comment: Allow all internal RST > > > > + Pass EXT->Local UDP 10.30.2.0/24 4569 > > > > Comment: Internal IAX2 > > > > + Pass EXT->Local UDP 10.30.2.0/24 5060\5060 > > > > Comment: Allow all internal SIP > > > > + Pass EXT->Local UDP voipservice 10000\10100 > > > > Comment: houston.voip.ms RST > > > > + Pass EXT->Local UDP voipservice 4569 > > > > Comment: houston.voip.ms IAX2 > > > > + Pass EXT->Local UDP voipservice 5060\5060 > > > > Comment: houston.voip.ms SIP > > > > ------------------------------------------------------------------------------ > > > > > > ------------------------------------------------------------------------------ > > All the data continuously generated in your IT infrastructure contains a > > definitive record of customers, application performance, security > > threats, fraudulent activity and more. Splunk takes this data and makes > > sense of it. Business sense. IT sense. Common sense. > > http://p.sf.net/sfu/splunk-d2dcopy1 > > _______________________________________________ > > Astlinux-users mailing list > > Astlinux-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > > > Donations to support AstLinux are graciously accepted via PayPal to > > pay...@krisk.org. > > > > ------------------------------------------------------------------------------ > > All the data continuously generated in your IT infrastructure contains a > > definitive record of customers, application performance, security > > threats, fraudulent activity and more. Splunk takes this data and makes > > sense of it. Business sense. IT sense. Common sense. > > http://p.sf.net/sfu/splunk-d2dcopy1_______________________________________________ > > Astlinux-users mailing list > > Astlinux-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > > > Donations to support AstLinux are graciously accepted via PayPal to > > pay...@krisk.org. > > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure contains a > definitive record of customers, application performance, security > threats, fraudulent activity and more. Splunk takes this data and makes > sense of it. Business sense. IT sense. Common sense. > http://p.sf.net/sfu/splunk-d2dcopy1 > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure contains a > definitive record of customers, application performance, security > threats, fraudulent activity and more. Splunk takes this data and makes > sense of it. Business sense. IT sense. Common sense. > http://p.sf.net/sfu/splunk-d2dcopy1_______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
