RTP port-range

I’ve been messing with Asterisk for a few weeks now. So far, I really like it. I’m hooked!

I’m running my own asterisk box at home for a few days now. Just to get the hang of it. See if any problems come up, and if I can tackle those.

One problem I had, was that a caller could hear me, but I couldn’t hear the caller. Eventually I figured this had to do with blocked RTP-ports. In rtp.conf I have this:


But tcpdump showed me that calls were using ports much higher. And sure enough, after opening UDP-port 10000-20000, everything worked fine.

The thing is, I don’t have this port-rage defined anywhere. Not that I know of, anyway. So, why are incoming calls using these ports anyway, expecting them to be open? Is it mandatory/standard to have this port-range open?

Use the CLI to confirm the port numbers actually used; maybe the file was misparsed and you have defaults.

Also note that you must not restrict remote port numbers, as they are controlled by the remote end.

But how will I know on what ports I can expect incoming rtp-connections?

RTP is connectionless.

Asterisk tells the remote side which port number will be used at the Asterisk end and the remote side tells Asterisk which port will be used at the remote end. Your incoming firewall rules only need to cover destination ports within the Asterisk range, but your your outgoing firewall rules need to be unrestricted (unless you have configure limited ranges at the remote end.

If you check source ports, you should only check them on outgoing traffic.

Well, thats the problem. And the question in my first post.

Outgoing traffic is no problem. It is not restricted and people can hear me.

Incoming traffic should be going to ports 7078-7110, as defined in rtp.conf. But for some reason, I get them in the 10000-20000 range (and beyond, for all I know).

Why is that? Am I missing something? Am I doing something wrong?

If this is the case outside any NAT or firewall, it is probably the NAT or firewall messing with the SDP in the SIP exchange.

If it the case inside the firewall, please answer my question about what port range Asterisk actually reports as being enabled.

when dealing with nat issue it is always good to enable the RTP debug “rtp set debug on” It will help you to verify the rtp port and IP address