I have a FreeBSD 8.1 pf firewall, and a FreeBSD 8.1 system running
Asterisk 1.8. I have been hammering at this for a few weeks now with
little forward progress. I'm about to go nuts trying to figure out what
the hell is going on.
I have set up asterisk to trunk to my provider, and originally I
couldn't get incoming calls working but I could ring out- I'm happy to
report I can now receive incoming calls, but annoyingly now I can't ring
out!
In order to get incoming calls I had to upgrade from asterisk 1.4 - 1.8
and change my firewall settings:

$voip = asterisk server
$nodephone = provider server
$voip_tcp = 5060
$voip_udp = { 5060, 4569, 5036, 2727 }

nat on $ext_if inet proto { tcp, udp } from any port $voip_tcp to any -> ($ext_if) port $voip_tcp
rdr on $ext_if inet proto { tcp, udp } from any to ($ext_if) port $voip_tcp -> $voip port $voip_tcp
rdr on $ext_if inet proto { tcp, udp } from $voip port $voip_tcp to any port $voip_tcp -> ($ext_if) port $voip_tcp

block log (all, log)
block in quick on $ext_if from $no_route_ips to any
block out quick on $ext_if from any to $no_route_ips

pass in $log on $ext_if inet proto tcp from any to $voip port $voip_tcp flags S/SA keep state
pass in $log on $ext_if inet proto udp from any to $voip port $voip_udp keep state
pass out $log on $int_if inet proto udp from any port $voip_udp to $voip port $voip_udp keep state
pass out $log on $int_if inet proto tcp from any port $voip_tcp to $voip port $voip_tcp flags S/SA keep state
pass out $log on $ext_if from $localnet to any

Everything appears to work, but the provider comes back with 200 and
asterisk seems to do nothing and so it times out and errors with what it
says is "circuit busy" from the provider.
tcpdump from both m/c's shows traffic to and from the asterisk server
and the provider on port 5060, but rtp traffic (port 20000+) between the
provider and asterisk only when an incoming call comes in, and between
asterisk and the client.
Also in the invites from asterisk to the provider it says audio at port
5060.
Am I missing something? I've tried the Asterisk list but I've gotten
only one minuscule reply in nearly a week's time, and my provider will
not support Asterisk and won't say boo (mainly dependent on who you talk
to at the time)- the only thing I get is it's working their end (yay for
them... :P).
Incidentally, their only response (to any problems with the service:
asterisk, ata's, whatever) is to "open up all ports between our server
and your server/ata". Apparently they "automagically" get around nat
issues so nat is not necessary. But my main issue with that is what
happens if someone spoofs their ip address? Not to mention I want to
host this service (not their trunk, but my services) so I need to be
able to accept from more than just their server. They don't seem to be
able to track the ports they're using.
The only change I can tell is the upgrade to 1.8 and firewall settings
that now allow me to receive calls- am I doomed to have only one or the
other :( ?
Any clues before I lose all my hair guys?
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
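
Added example, not part of the original post: a small Python check for the symptom described above, where the INVITE advertises audio on port 5060 while RTP is expected on ports 20000+. The sample INVITE is constructed, and the RTP range and the function names are assumptions made for illustration.

```python
import ipaddress

SIP_PORT = 5060              # signalling port used in the post
RTP_RANGE = (20000, 65535)   # assumption: the "port 20000+" RTP range the post mentions
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed INVITE, not a capture from the poster's network.
SAMPLE_INVITE = (
    "INVITE sip:100@provider.example SIP/2.0\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 192.168.1.10\r\n"
    "m=audio 5060 RTP/AVP 0 8\r\n"
)

def parse_sdp(message):
    """Return [(media_type, port, connection_address)] from a SIP message body."""
    body = message.partition("\r\n\r\n")[2]
    session_addr, media = None, []
    for line in body.splitlines():
        if line.startswith("c="):
            addr = line.split()[-1].split("/")[0]
            if media:                      # media-level c= overrides session-level
                media[-1] = (media[-1][0], media[-1][1], addr)
            else:
                session_addr = addr
        elif line.startswith("m="):
            kind, port = line[2:].split()[:2]
            media.append((kind, int(port.split("/")[0]), session_addr))
    return media

def check_invite(message):
    """List mismatches between the SDP offer and what the firewall expects."""
    findings = []
    for kind, port, addr in parse_sdp(message):
        if port == 0:                      # port 0 means the stream is declined
            continue
        if port == SIP_PORT:
            findings.append(f"{kind}: media port {port} is the SIP signalling port")
        elif not RTP_RANGE[0] <= port <= RTP_RANGE[1]:
            findings.append(f"{kind}: media port {port} outside RTP range {RTP_RANGE}")
        try:
            if addr and any(ipaddress.ip_address(addr) in n for n in RFC1918):
                findings.append(f"{kind}: address {addr} is RFC 1918, not reachable past NAT")
        except ValueError:                 # hostname in c=, nothing to classify
            pass
    return findings
```

Feeding it the text of an INVITE copied from a capture shows whether the SDP offer names a port and address that the pass rules and the far end can actually use.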