How to allow RTP traffic in (UDP 10000 to 30000) in firewall

Hi

Our client is using Asterisk FreePBX, and when he connects to our softswitch he gets the error “unsupported media type”. After we did a trace, we found that he should allow all RTP traffic in his firewall.

The termination carrier advises as below:

We send the RTP data to the IP address in the SIP SDP that comes from your gateway
to our switch.

Below are the IP ranges that we use for signaling and media traffic.

IP Network NetMask InverseMask CIDR
59.154.37.192 255.255.255.192 0.0.0.63 /26
213.166.96.0 255.255.224.0 0.0.31.255 /19
204.13.140.0 255.255.252.0 0.0.0.3.255 /22
216.53.0.0 255.255.192.0 0.0.63.255 /18
66.33.128.0 255.255.192.0 0.0.63.255 /18
206.20.0.0 255.255.0.0 0.0.255.255 /16
169.132.0.0 255.255.0.0 0.0.255.255 /16
111.235.152.0 255.255.252.0 0.0.3.255 /22

We don’t recommend that you lock down the RTP (media) traffic on your
firewall.

We recommend that you just open your RTP to the internet. i.e. allow RTP
traffic from any source IP address on our side (UDP 10000 to 30000) in
your firewall.

Can anyone help us?

iptables -A INPUT -p udp --dport 10000:30000 -j ACCEPT

Thanks, Sir, but unfortunately our client doesn’t agree to open RTP to the Internet.

Can you help us open the ports for the IP ranges listed above?

Uh? Is the last sentence a joke? In which scenario do you think we can open the ports on your client’s side? Or am I misunderstanding the question?

A joke? Do you mean that if we add, for example, a /26 IP block, we have to add the 61 usable IPs in the range manually? Is that the only method?
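
On the last question, as an added example that is not code from any poster in this thread: the iptables `-s` option takes a whole CIDR block, so each carrier range needs one rule rather than one rule per address. The script below prints the rules for review instead of applying them; the function names `valid_cidr` and `rtp_rules` are hypothetical, and the ranges are the ones quoted in the first post.

```shell
#!/bin/sh
# Added example: print iptables rules that accept RTP only from the carrier's
# CIDR blocks, then drop RTP from every other source. Review, then run as root.

RTP_PORTS="10000:30000"   # UDP range from the thread title

# Carrier ranges as listed in the first post (network/prefix form).
CARRIER_CIDRS="59.154.37.192/26 213.166.96.0/19 204.13.140.0/22 216.53.0.0/18
66.33.128.0/18 206.20.0.0/16 169.132.0.0/16 111.235.152.0/22"

# valid_cidr: succeed only for a.b.c.d/n with four octets 0-255 and n in 0-32.
valid_cidr() {
  case $1 in */*) ;; *) return 1 ;; esac
  ip=${1%/*}; prefix=${1#*/}
  case $prefix in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  case $ip in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs   # split the octets on "."
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# rtp_rules: validate every entry first so a typo never yields a partial rule
# set, then print one ACCEPT per block and a final DROP for the port range.
rtp_rules() {
  for cidr in "$@"; do
    valid_cidr "$cidr" || { echo "bad CIDR: $cidr" >&2; return 1; }
  done
  for cidr in "$@"; do
    echo "iptables -A INPUT -p udp -s $cidr --dport $RTP_PORTS -j ACCEPT"
  done
  echo "iptables -A INPUT -p udp --dport $RTP_PORTS -j DROP"
}

rtp_rules $CARRIER_CIDRS
```

iptables evaluates rules in order, so an earlier unrestricted `--dport 10000:30000 -j ACCEPT` rule has to be removed for the per-range rules and the final DROP to have any effect.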