Thanks Lonnie. I understand now. Yay! I will give it a try.

Regards
Michael Knill

-----Original Message-----
From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
Date: Wednesday, 6 September 2017 at 6:46 am
To: AstLinux List <astlinux-users@lists.sourceforge.net>
Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux

Michael,

> "NAT EXT->LAN" rule with a specific "Source" address, ...E.g. will Astlinux
> ONLY NAT EXT->LAN the traffic from the specified source address?

Yes.

> I'm also not quite sure what the NAT EXT: field is used for which appears when
> you select "NAT EXT->LAN" and would love someone to explain it to me.

When you have multiple external *static* IPv4 addresses, NAT EXT: lets you restrict which "public" destination IPv4 address to apply the NAT rule to. The default "0/0" means any external IPv4 address, and would be required if you had a dynamic IPv4 external address.

Lonnie

On Sep 5, 2017, at 3:19 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:

> Hi thanks Lonnie and Michael for your input.
>
> There are no remote clients so that should not be a problem. Michael the
> internal PBX is not Asterisk and is not managed by myself. As such, although
> I would like to proxy to the internal PBX, this will not be possible as I
> have no configuration access to it.
> They were having issues previously which were resolved with fixed NAT rules
> on the current firewall so I will certainly still want to add this
> configuration on Astlinux.
>
> Basically from what I can see, it should work fine but I just wanted to check
> that if I add a "NAT EXT->LAN" rule with a specific "Source" address, then
> this traffic will be forwarded to the internal PBX but all other traffic
> using the same ports (e.g. 5060 and potentially media ports) will terminate
> locally on the Astlinux appliance. E.g. will Astlinux ONLY NAT EXT->LAN the
> traffic from the specified source address?
>
> I'm also not quite sure what the NAT EXT: field is used for which appears when
> you select "NAT EXT->LAN" and would love someone to explain it to me.
>
> Thanks all.
>
> Regards
> Michael Knill
>
> -----Original Message-----
> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Date: Tuesday, 5 September 2017 at 11:05 pm
> To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux
>
> Hi Michael,
>
> It depends, if the pre-existing SIP PBX only does outbound calls (SIP
> trunking) then don't enable any "NAT EXT->LAN" to the SIP PBX and make sure
> the SIP PBX trunk registers or qualifies often enough to keep a firewall
> state open for inbound calls from the provider. You may have to forward the
> RTP media range, again depends, try without but be prepared to "NAT EXT->LAN"
> the RTP range if needed.
>
> If the pre-existing SIP PBX has to service remote "clients", that is more
> trouble with NAT, in that case I would consider using your AstLinux box at
> the edge to handle those and act as a proxy to the internal pre-existing SIP
> PBX.
>
> Lonnie
>
>
> On Sep 5, 2017, at 6:06 AM, Michael Knill <michael.kn...@ipcsolutions.com.au>
> wrote:
>
>> Hi Michael
>>
>> Thanks for that but you misunderstand sorry.
>> Astlinux is on the edge and a SIP PBX is on the inside that will eventually
>> be replaced.
>>
>> Regards
>> Michael Knill
>>
>> -----Original Message-----
>> From: Michael Keuter <li...@mksolutions.info>
>> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
>> Date: Tuesday, 5 September 2017 at 6:20 pm
>> To: AstLinux List <astlinux-users@lists.sourceforge.net>
>> Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux
>>
>>
>>> On 05.09.2017 at 09:16, Michael Knill
>>> <michael.kn...@ipcsolutions.com.au> wrote:
>>>
>>> Hi group
>>>
>>> I have a bit of a tricky one that I want to run past the Astlinux firewall
>>> experts.
>>>
>>> Scenario:
>>> An existing PBX (soon to be replaced) using an existing SIP Provider
>>> sitting BEHIND an Astlinux appliance which is connected to another SIP
>>> Provider.
>>>
>>> Should I just be able to do NAT EXT -> LAN to the internal PBX for 5060 &
>>> Media Ports using the Source IP Addresses of their current provider? Or do
>>> I need to add something in NAT EXT: ?
>>> I just recall that I had issues with Astlinux and forwarding 5060 but that
>>> was a while ago.
>>>
>>> Thanks.
>>>
>>> Regards
>>> Michael Knill
>>
>> Hi Michael,
>>
>> I had the same issue. It is quite easy:
>>
>> On the PBX behind the main AstLinux box set in sip.conf:
>>
>> ; NAT settings
>> externaddr=xx.xx.xx.xx:5062 ; this tells the second provider to send the returning packets to port 5062!
>> localnet=yy.yy.yy.yy/255.255.255.0
>> nat=force_rport,comedia
>>
>> Then on the main AstLinux box set NAT EXT -> LAN port 5062 to the IP of the
>> 2nd PBX but on port 5060!
>> Then just use different RTP ports than on the edge box.
>>
>> Michael
>>
>> http://www.mksolutions.info
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org!
>> http://sdm.link/slashdot
>> _______________________________________________
>> Astlinux-users mailing list
>> Astlinux-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to
>> pay...@krisk.org.
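
The matching behaviour discussed in this thread (a "NAT EXT->LAN" rule limited by "Source" and by "NAT EXT:", plus the 5062-to-5060 mapping), modelled as an added example that is not part of the original messages and is not AstLinux code. The `NatRule` and `route` names and all addresses are constructed for illustration.

```python
# Added illustration: a model of the rule matching described in the thread,
# not AstLinux code. Addresses are constructed (RFC 5737 / RFC 1918 ranges).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class NatRule:
    proto: str      # "udp" or "tcp"
    source: str     # "Source" field; "0/0" means any sender
    nat_ext: str    # "NAT EXT:" field; "0/0" means any external address
    ext_port: int   # port the packet arrives on at the edge box
    lan_host: str   # internal target host
    lan_port: int   # port on the internal target


def _in(addr: str, net: str) -> bool:
    # "0/0" is shorthand for 0.0.0.0/0
    net = "0.0.0.0/0" if net == "0/0" else net
    return ip_address(addr) in ip_network(net, strict=False)


def route(rules: List[NatRule], proto: str, src: str, dst: str,
          dport: int) -> Optional[Tuple[str, int]]:
    """Return (lan_host, lan_port) if a rule forwards the packet, else None,
    meaning the packet is not forwarded and stays on the edge box."""
    for r in rules:  # first matching rule wins
        if (r.proto == proto and r.ext_port == dport
                and _in(src, r.source) and _in(dst, r.nat_ext)):
            return (r.lan_host, r.lan_port)
    return None


PROVIDER = "198.51.100.20"   # constructed: existing provider's SIP server
PBX = "192.168.1.50"         # constructed: internal PBX
RULES = [
    # SIP forwarded only when it comes from the existing provider,
    # on any external address ("0/0")
    NatRule("udp", PROVIDER + "/32", "0/0", 5060, PBX, 5060),
    # The 5062 -> 5060 variant, pinned to one static external address.
    # Source "0/0" means every sender reaching that address is forwarded.
    NatRule("udp", "0/0", "203.0.113.2/32", 5062, PBX, 5060),
]
```

Calling `route(RULES, "udp", "192.0.2.77", "203.0.113.1", 5060)` returns `None`: a sender other than the provider is not forwarded to the PBX, so port 5060 for that packet stays with the edge box.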