Dear Marco,
thank you for your reaction.
I have several public Asterisk-servers (I have a whole hosted
VoIP-platform), so localnet can not be defined as my customers are
within several ranges that I will not define in my sip.conf.
All SIP-clients have nat=yes in their config.
All SIP-clients have a qualify-option to have a "NAT keep-alive".
So their is no NATting to be done for the RTP-range that you define. The
server is public, the clients are (most of them) private behind NAT.
My office is behind a Endian firewall, and I'm having difficulties
getting Endian 2.3 and my Hosted platform to work together if I can not
open ports just to have them open for incoming traffic.
If I had a private Asterisk-server also, I could indeed forward incoming
traffic to this server.
I would separate my SIP-clients to another subnet or physical network,
but with Endian I can not forward incoming traffic to a specific network
either.
Jonas.
On Fri, 2010-01-15 at 18:25 +0100, Marco Biovi wrote:
> Hi Jonas,
>
> try to put the follow in /etc/asterisk/sip.conf
>
> bindport=5060
> bindaddr=0.0.0.0
> externip="your_public_ip"
> localnet=192.168.1.0/255.255.255.0
> nat=yes
>
> replace "your_public_ip" and 192.168.1.0 with the right values (in
> localnet you have to insert lan address (eg. 192.168.1.0) and not
> server address (eg. 192.168.1.211)
>
> then nat on your router/firewall (server side) towards your asterisk
> server
> 5060(UDP)
> 10000-2000(UDP)
>
> Then configure your sip client as the follow:
> server "your_public_ip"
> port 5060
>
> obviously with your extension number and related password.
>
> Let me know.
>
> Regards,
> Marco
>
>
>
>
>
>
>
> Il 15/01/2010 16:23, jonas kellens ha scritto:
>
> > Hello Marco,
> >
> > to keep the NAT tunnel open between my SIP-phones behind
> > NAT/firewall I send SIP-option packets from my SIP-server (Asterisk)
> > to the SIP-phones.
> >
> > But when I restart my SIP-server and my firewall, my SIP-server
> > complaints :
> >
> > [Jan 14 16:50:26] WARNING[1480]: chan_sip.c:1817 __sip_xmit:
> > sip_xmit of 0x1e56c160 (len 552) to publicip:5063 returned -1:
> > Operation not permitted
> > [Jan 14 16:50:26] WARNING[1480]: chan_sip.c:1817 __sip_xmit:
> > sip_xmit of 0x1e56c3d0 (len 546) to publicip:5062 returned -1:
> > Operation not permitted
> > [Jan 14 16:50:26] WARNING[1480]: chan_sip.c:1817 __sip_xmit:
> > sip_xmit of 0x1e562440 (len 546) to publicip:5061 returned -1:
> > Operation not permitted
> >
> > So the SIP option packets do not get through my Endian firewall any
> > more.
> >
> > That's why I need to just open up this range 5060 --> 5063.
> >
> > Jonas.
> >
> > On Thu, 2010-01-14 at 21:35 +0100, Marco Biovi wrote:
> >
> > > Hi,
> > >
> > > is not necessary to open ports on firewall or nat something.
> > > Connection will be from sip client (phone) to sip server, I have the same
> > > situation and all my ip phone use the 5060 port.
> > > In every phone you will set server ip, server port, domain, realm, ...
> > > All this parameter refers to server.
> > >
> > > I hope this can help you.
> > >
> > > Regards,
> > > Marco
> > >
> >
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Throughout its 18-year history, RSA Conference consistently attracts the
> > world's best and brightest in the field, creating opportunities for
> > Conference
> > attendees to learn about information security's most important issues
> > through
> > interactions with peers, luminaries and emerging and established companies.
> > http://p.sf.net/sfu/rsaconf-dev2dev
> >
> > _______________________________________________
> > Efw-user mailing list
> > Efw-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/efw-user
> >
>
> ------------------------------------------------------------------------------
> Throughout its 18-year history, RSA Conference consistently attracts the
> world's best and brightest in the field, creating opportunities for Conference
> attendees to learn about information security's most important issues through
> interactions with peers, luminaries and emerging and established companies.
> http://p.sf.net/sfu/rsaconf-dev2dev
> _______________________________________________ Efw-user mailing list
> Efw-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/efw-user
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
