[asterisk-users] Firewall audio : need a wide range to work !
Hello list ! I have the following problem at a customer : Their is a firewall in between the internal network (with IP-phones) and the public Asterisk-server. I see the following message when sip debug enabled : [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] --- (11 headers 11 lines) --- [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found RTP audio format 8 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found RTP audio format 101 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Peer audio RTP is at port 192.168.0.24:11772 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found audio description format PCMA for ID 8 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found audio description format telephone-event for ID 101 alaw) d - 0x1 (telephone-event) [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Peer audio RTP is at port 192.168.0.24:11772 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] list_route: hop: sip:ic...@192.168.0.24:5062 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] set_destination: Parsing sip:ic...@192.168.0.24:5062 for address/port to send to [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] set_destination: set destination to 192.168.0.24, port 5062 But when opening a range of ports on the firewall 11700 -- 11800, the audio is not coming through !! When opening the ports 11000 -- 11800, then the audio is coming through fine ! Can someone explain me why range 1 is not enough fot the RTP-traffic ?! Jonas. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Firewall audio : need a wide range to work !
Have a look at rtp.conf. On 03/24/2010 06:33 AM, jonas kellens wrote: Hello list ! I have the following problem at a customer : Their is a firewall in between the internal network (with IP-phones) and the public Asterisk-server. I see the following message when sip debug enabled : [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] --- (11 headers 11 lines) --- [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found RTP audio format 8 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found RTP audio format 101 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Peer audio RTP is at port *192.168.0.24:11772* [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found audio description format PCMA for ID 8 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found audio description format telephone-event for ID 101 alaw) d - 0x1 (telephone-event) [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Peer audio RTP is at port *192.168.0.24:11772* [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] list_route: hop: sip:ic...@192.168.0.24:5062 sip:itcza...@192.168.0.24:5062 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] set_destination: Parsing sip:ic...@192.168.0.24:5062 for address/port to send to [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] set_destination: set destination to 192.168.0.24, port 5062 But when opening a range of ports on the firewall 11700 -- 11800, the audio is not coming through !! When opening the ports 11000 -- 11800, then the audio is coming through fine ! Can someone explain me why range 1 is not enough fot the RTP-traffic ?! Jonas. -- Alex Balashov - Principal Evariste Systems LLC Tel: +1 678-954-0670 Direct : +1 678-954-0671 Web: http://www.evaristesys.com/ -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Firewall audio : need a wide range to work !
In rtp.conf the audio port range for the public Asterisk server is defined. Why is this important for the firewall at client side ?? By the way the range defined is : rtpstart=11500 rtpend=11600 Do I then need to open up the same range on the firewall at my customer ?? This has nothing to do with incoming traffic on the firewall at my customer's site. Jonas. On Wed, 2010-03-24 at 06:39 -0400, Alex Balashov wrote: Have a look at rtp.conf. On 03/24/2010 06:33 AM, jonas kellens wrote: Hello list ! I have the following problem at a customer : Their is a firewall in between the internal network (with IP-phones) and the public Asterisk-server. I see the following message when sip debug enabled : [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] --- (11 headers 11 lines) --- [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found RTP audio format 8 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found RTP audio format 101 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Peer audio RTP is at port *192.168.0.24:11772* [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found audio description format PCMA for ID 8 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found audio description format telephone-event for ID 101 alaw) d - 0x1 (telephone-event) [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Peer audio RTP is at port *192.168.0.24:11772* [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] list_route: hop: sip:ic...@192.168.0.24:5062 sip:itcza...@192.168.0.24:5062 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] set_destination: Parsing sip:ic...@192.168.0.24:5062 for address/port to send to [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] set_destination: set destination to 192.168.0.24, port 5062 But when opening a range of ports on the firewall 11700 -- 11800, the audio is not coming through !! When opening the ports 11000 -- 11800, then the audio is coming through fine ! Can someone explain me why range 1 is not enough fot the RTP-traffic ?! Jonas. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Firewall audio : need a wide range to work !
You should be able to establish a very narrow range (4 ports per line) by monitoring the ports with netstat and adjusting accordingly. _ From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of jonas kellens Sent: Wednesday, March 24, 2010 6:21 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Firewall audio : need a wide range to work ! In rtp.conf the audio port range for the public Asterisk server is defined. Why is this important for the firewall at client side ?? By the way the range defined is : rtpstart=11500 rtpend=11600 Do I then need to open up the same range on the firewall at my customer ?? This has nothing to do with incoming traffic on the firewall at my customer's site. Jonas. On Wed, 2010-03-24 at 06:39 -0400, Alex Balashov wrote: Have a look at rtp.conf. On 03/24/2010 06:33 AM, jonas kellens wrote: Hello list ! I have the following problem at a customer : Their is a firewall in between the internal network (with IP-phones) and the public Asterisk-server. I see the following message when sip debug enabled : [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] --- (11 headers 11 lines) --- [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found RTP audio format 8 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found RTP audio format 101 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Peer audio RTP is at port *192.168.0.24:11772* [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found audio description format PCMA for ID 8 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Found audio description format telephone-event for ID 101 alaw) d - 0x1 (telephone-event) [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] Peer audio RTP is at port *192.168.0.24:11772* [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] list_route: hop: sip:ic...@192.168.0.24:5062 sip:itcza...@192.168.0.24:5062 [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] set_destination: Parsing sip:ic...@192.168.0.24:5062 for address/port to send to [Mar 24 11:19:36] VERBOSE[5087] logger.c: [Mar 24 11:19:36] set_destination: set destination to 192.168.0.24, port 5062 But when opening a range of ports on the firewall 11700 -- 11800, the audio is not coming through !! When opening the ports 11000 -- 11800, then the audio is coming through fine ! Can someone explain me why range 1 is not enough fot the RTP-traffic ?! Jonas. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Firewall audio : need a wide range to work !
Netstat is indeed a nice tip to view the RTP-connections between the public Asterisk-server and the firewall on location. On Wed, 2010-03-24 at 08:33 -0500, Danny Nicholas wrote: You should be able to establish a very narrow range (4 ports per line) by monitoring the ports with netstat and adjusting accordingly. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users