Hi all,
I have a 512KB DSL connection. I can use my Asterisk server with a direct connection to my router, but I want to have a firewall in between my router and Asterisk server… I can have 1-to-1 NAT in my firewall cuz I got 3 public IP addresses with my DSL connection. Can anyone tell me if the only thing I have to do is change the sip.conf setting:
externip = 200.201.202.203 ;where 200.201.202.203 is my public ip address
Are there any changes I have to make, and what are the ports I should open in my firewall… I guess port 5060 is not enough cuz clients change their port whenever they reconnect with the Asterisk server.
be a little clearer about what you’re experiencing. did you read the sticky at the top of the forum and the link to the wiki pages about NAT? if you forward the appropriate ports to your Asterisk server (and make sure you consult rtp.conf before setting them) then you shouldn’t have a problem.
when i put all the login information into my sip client (eyebeam) and register it, it gets registered with the server… i can access my voice mail as well as music on hold, and i can even hear the music as well as the automated voice.
but when i try to call from one phone to another, the phone is ringing, and once i pick up the phone and try to talk from one to another, voice is not travelling…
this can't be, cuz i tried the same settings without a firewall and everything worked fine…
Baconbuttie has the right info. This is addressed in detail in some posts from last spring. Just do a search for NATD, X-Lite, etc…it’s there. Someone did a real detailed listing of what ports you need to forward. My system didn’t work either until I followed this post.
You need UDP for ports 5060 thru 5082 and 7999-20001. I also forward 4569 and 2727, both UDP and TCP. Some will tell you that you only need UDP and that’s all you should need, but somewhere I read to forward TCP as well so I did. It works and I’m afraid to unforward TCP now… if it ain’t broken don’t fix it…
are you allowing a re-invite? if Asterisk steps out of the media path, and you have your firewall forwarding to a specified box, then you’re going to get one-way audio.
the pages (and pages) of info about NAT & Asterisk all tell you to port-forward UDP 5060 (- 5070) and UDP 10000-20000 … check/adjust /etc/asterisk/rtp.conf, for a small install you don’t need to forward so many ports, i use 10000-12000, and you should be good to go.
canreinvite should be set to ‘no’ for the SIP clients.
so can you tell me, when i try the command sip show peers, why i see different port numbers other than numbers in between 10000 - 20000?
i see some of my clients even have 44000+ port numbers
10000-20000 (or whatever) is for RTP. 5060 is for SIP. the port number shown in ‘sip show peers’ is the port that the client is listening on … Asterisk will listen on the port set in sip.conf
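The settings discussed in the replies above (SIP port, the rtp.conf range, externip, canreinvite) can be checked against the firewall's forwards with a short script. This is an added example, not code from the thread; the sample config text, the peer names, the forward list and the function names are constructed assumptions.

```python
import configparser

# Constructed sample files; peer names and addresses are placeholders.
SIP_CONF = """\
[general]
bindport = 5060
externip = 200.201.202.203 ; public address, as in the first post
[eyebeam1]
nat = yes
canreinvite = no
[eyebeam2]
nat = yes
"""
RTP_CONF = "[general]\nrtpstart = 10000\nrtpend = 12000\n"
# Hypothetical firewall forwards to the Asterisk box: (protocol, first, last).
FORWARDS = [("udp", 5060, 5060), ("udp", 10000, 11000)]

def load(text):
    # [general] acts as the default section, so peers inherit its settings.
    cp = configparser.ConfigParser(default_section="general", strict=False,
                                   interpolation=None, inline_comment_prefixes=(";",))
    cp.read_string(text)
    return cp

def uncovered(first, last, forwards):
    """Sub-ranges of first..last that no UDP forward covers."""
    gaps, cur = [], first
    for lo, hi in sorted((lo, hi) for proto, lo, hi in forwards if proto == "udp"):
        if lo > last:
            break
        if lo > cur:
            gaps.append((cur, lo - 1))
        cur = max(cur, hi + 1)
    if cur <= last:
        gaps.append((cur, last))
    return gaps

def audit(sip_text, rtp_text, forwards):
    sip, rtp = load(sip_text), load(rtp_text)["general"]
    port = sip["general"].getint("bindport", fallback=5060)
    findings = [f"SIP udp/{port} is not forwarded"] if uncovered(port, port, forwards) else []
    # Assumes rtp.conf sets rtpstart and rtpend explicitly.
    for a, b in uncovered(rtp.getint("rtpstart"), rtp.getint("rtpend"), forwards):
        findings.append(f"RTP udp/{a}-{b} is not forwarded")
    if not sip["general"].get("externip"):
        findings.append("externip is not set in [general]")
    for peer in sip.sections():
        # An unset canreinvite is treated as yes (chan_sip default).
        if sip[peer].get("canreinvite", "yes").lower() != "no":
            findings.append(f"peer [{peer}] does not set canreinvite=no")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SIP_CONF, RTP_CONF, FORWARDS)))
```

With the sample data the audit reports the RTP ports the firewall does not forward and the one peer that can still be re-invited out of the media path.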
on this page someone stated
"Wei (wei3hu2 at msn dot com)
07 July 2005 07:54:01
Hi, Your examples are great. They covered most phone-to-asterisk NAT scenarios. I have no problem with multiple phones behind the same NAT, registering with an asterisk server outside NAT (Public Address). Phones can call PSTN via Asterisk, or other phones behind other NATs with no problem. But these phones can’t speak to each other. They can ring each other (sip working). But when you pick up the phone, there is no audio (RTP not working). I can see the RTP packets are dropped on the NAT device with icmp port unreachable error. The source & destination RTP ports are correct. The NAT device can’t forward these packets to the phone on its inside interface. Any suggestion to fix this issue? Thanks, Wei "
maybe we don’t need to check that site out because we worked through the links given here and on the wiki and fixed them !! and the owner of that site probably contributed towards the help pages here and the wiki anyway.
u may be right… in theory what u’ve explained is right. but when it comes to a practical situation it might not work… have u ever tried installing asterisk behind a firewall?
every Asterisk installation i’ve done is behind a firewall. have i ever had a one-way audio situation … no. but then i read the wiki and the assorted other sites that Google kicks up before i started.
don't know your firewall but if you're concerned with ports just forward them all to your asterisk server (1-100,000 or whatever)
if you already have ports being forwarded to a web or mail server, just comment them out. (or leave them and forward around port 80 and smtp port)
This will at least tell u if there is a port problem. Bottom line, you can move on to troubleshooting it if it's a different problem.
[quote=“hacksics”]hi baconbutti…
yes exactly that's my problem…
what we have to do is just forward the udp 10000-20000 and 5060 to 5100 right.