Not receiving calls behind firewall

after setting up asterisk, and forwarding proper ports, I’m able to make calls to the outside, but not receiving calls, I have forwarded ports 5060-5082 tcp and 8000-20000 udp…I’ve also enter the settings for nat in the sip.conf file:
port = 5060
bindaddr = 0.0.0.0
context = others
allowguest = yes
srvlookup=yes
nat=yes
externip = mydnsname.org
localnet = 10.200.50.0/24
fromdomain = mydnsname.org
qualify=yes
canreinvite=no

yet I’m not able to receive calls… any help appreciated

thanks
pcteckonline.org

forward the udp 5060 and try …

Good luck

I’ve forwarded that port, but still I’m not able to receive calls from outside, and when I make calls, the internal ip address of my computers show on the receiving end…is this normal?

thanks
pcteckonline.org

I suppose that : 8000-20000 udp match with the your RTP.conf file ?? (rtpstart and rtpend)

make also sure that you are registered.
Asrerisk > sip show registry

Now, if this still doesn’t work… I would suggest to place your server on DMZ, and make the test.
I can see that you are a guru of Whireshak. Have a look and see where is going your RTP messages…

yes I have the right rtp.conf for my setup, when I do sip show registry it doesn’t show anything…what does that mean?.. good point I’ll take a look at the packet level and see if the packets are even making it to the external ip of the firewall…

thanks
pcteckonline.org

after firing up wireshark I got a udp 404, which I think the pbx server is not resolving from public dns hostname to private ip, so it doesn’t know where to send the call, b/c the 2000@pcteck.no-ip.org doesn’t exist in the network…sound like a nat issue, I could be wrong

above is the wireshark sample capture…you can also download it from here

pcteckonline.org/*_bad

any help appreciated

thanks

With externip, you must use an actual IP address:

externip=64.22.200.100

In your case, you’re using a domain name, so use externhost:

externhost=domain_name.org

I’ve also had trouble when Qualify=yes. I set Qualify=no, and everything works ok.

I think that will fix the problem.

Please let us know.

John

I did those changes, and still is responding with STATUS: 404 NOT FOUND…the only difference now, is that is doing a DNS lookup for pcteck.no-ip.org, which is resolving to the right ip, but ater that it answers with a 404 message…here’s the capture

thanks
pcteckonline.org

I have connected my asterisk server stright to my dsl modem bypassing the firewall, and still get the same 404 NOT FOUND message… could someone point me to the right direction

thanks

Whats your cli say at these moments a 404 is being issued? If nothing focus on firewall and natting(externip/externhost). ie: Is anything showing in firewall logs?

No. My sneaking suspicion is that it is a configuration(dns or pbx) issue, especially after connecting directly to modem.

SIP and natting is a nightmare, I have had better luck with IAX.

hth

Do I understand correctly that you are using softphones on computers that are inside a firewall? And that you can make calls through *Now, to the ‘outside world’, but that you can’t receive calls from the ‘outside’ world, through *Now, into the softphones?

If the above is correct, do you have a stun server set in the configuration for the softphones on the computers on the ‘inside’ network?

John

[quote=“JRayfield”]Do I understand correctly that you are using softphones on computers that are inside a firewall? And that you can make calls through *Now, to the ‘outside world’, but that you can’t receive calls from the ‘outside’ world, through *Now, into the softphones?

If the above is correct, do you have a stun server set in the configuration for the softphones on the computers on the ‘inside’ network?

John[/quote]

I thought, that when a call is made from the outside, the call is received by my * and then routed to the softphones that are registered with *, for this test I’m using x-lite, I haven’t seen any options on x-lite for setting up a stun server…I thought stun server was setup for clients like ekiga, during setup, anyway I’m not using a firewall now although the dsl modem still does natting…I have tried every possible combination, and still it doesn’t work

thanks

If the softphone is behind a firewall, then you’ll probably need to use a STUN server (at least that’s my understanding). The STUN server will ‘tell’ the softphone what the outside IP is, so that the *Now server can route calls to it.

If you try to make a connection and a private IP address shows up in the softphone (such as john@192.168.0.2), then you need to use the STUN server.

You might try using Firefly, 3rd Pary Edition. It seems to work very nicely and supports using a STUN server.

John

well, is no fun to be able to receive calls only from a specific type of softphone…also my internal softphones log into my * server not to the stun server, when calls come in the go through the * server, unless * has a setting for setting up a stun server, maybe I’m missing something…

thanks

Let’s start over…

Is your * PBX connected to the ‘outside world’ (NOT behind a firewall)?

Are the softphones ‘inside’ a network (behind a firewall)?

John

[quote=“JRayfield”]Let’s start over…

Is your * PBX connected to the ‘outside world’ (NOT behind a firewall)?

Are the softphones ‘inside’ a network (behind a firewall)?

John[/quote]

I have my * and softphones behind a firewall

So, they’re on the same network, behind the same firewall…correct?

John

[quote=“JRayfield”]So, they’re on the same network, behind the same firewall…correct?

John[/quote]

yes they are

I just installed X-Lite and it worked fine, without having to enter a STUN server (it looks like it automatically finds one, if you haven’t changed the defaults after installation).

I want to make sure that I understand your setup…

You can make calls from softphone (X-Lite) that are on the LAN (on the same network as the * PBX) and everything works ok - rings through and audio all ok…correct?

But, if a softfone out on the internet (such as the one on my computer here) were to try to call your softfone on your computer on your LAN, it would not ring through…correct?

John

[quote=“JRayfield”]I just installed X-Lite and it worked fine, without having to enter a STUN server (it looks like it automatically finds one, if you haven’t changed the defaults after installation).

I want to make sure that I understand your setup…

You can make calls from softphone (X-Lite) that are on the LAN (on the same network as the * PBX) and everything works ok - rings through and audio all ok…correct?

But, if a softfone out on the internet (such as the one on my computer here) were to try to call your softfone on your computer on your LAN, it would not ring through…correct?

John[/quote]

correct… here’s my number 2000@pcteck.no-ip.org you can try giving me a call…