Sipgate Problem - for a change SOLVED!


#1

Cannot, how ever i try, get my server to register to accept incoming.

My * server is behind a NAT ADSL Router and I have tried putting it in a DMZ but seems to make no difference. Also tried many of the various NAT settings in sip.conf and extensions.conf

Here are my configs and a ethereal report which I ran while starting *. Doesnt seem to offer much unless im not sniffing for the right stuff.

Any ideas?

sip.conf

Heres the output from the sniff in ethereal format

I get no indications on the console of whats happening, are their any logs?

Can anyone recomend another SIP ITSP I can try?

Cheers


#2

“DMZ” as in what? NO NAT, its own internet-routable IP address (i.e., not 192.168.anything or 10.anything) and completely transparent both-way IP forwarding through the firewall?

If it’s behind a NAT firewall, you’ll need an “externip” statement there, or you’ve got no hope of making it work.


#3

Will,

When i enable a DMZ on my firewall it asks for the internal IP of the device you want to place in it. Im am guessing that the DMZ is what it says, entirely open. The server was still on a 192.168.x.x but i guess the router forwards all? am i wrong?

Ill do some research on the DLINK box i got.

I did experiment with the externip switch and made no difference. (i used the IP that had been assigned to my router from my ISP)


#4

Just checked the dlink manual.

“enabling the DMZ will expose a single client on your network to the internet. Enter the IP of the host in the box below and enable” “please be careful blah blah etc”

I entered the IP of he host that had been assigned by the dlink box and rebooted etc. no joy :frowning:


#5

I’m afraid so, yes.

For a DMZ to work you have to have a separate internet-routable IP address. You assign this IP address to the machine in the DMZ and then set up the router to forward that IP address.

If it’s not internet-routable, e.g., if it’s a 192.168… address, then it simply won’t work - because it will be sending out packets with the source address as 192.168.whatever and the destination system won’t be able to respond because you can’t route packets through the internet to any 192.168… addresses.

Are you sure you had externip set up with the right address? Did you check with your modem/router that that address was really what it was operating on?

Have you got all the relevant ports forwarded on your router - correctly? Check Sipgate’s help stuff for a list of those ports.


#6

So i need another internet IP adress from my isp?

or assign a internet routable ip ie 62.34.23.33 (whatever) to my * server and then route this through?

[quote]
Have you got all the relevant ports forwarded on your router - correctly? Check Sipgate’s help stuff for a list of those ports.[/quote]

Im unsure how the port forwarding works on dlink. I did enable

from any address port 0-10000 to my 192.x.x.x address of my server and that failed.

So to sum up

  1. ill put in a DMZ as above

  2. if that works then i will add nat=yes externip= and ensure all the relevent ports are forwarded and then it should work behind the NAT.


#7

PS

my dlink offers port fowarding and port filtering.

whats the difference?

having read many explanations they seem one and the same?


#8

ive tried allsorts :frowning:

“sip show peers” shows sipgate account

but not “sip show registry” when running *

tried in DMZ and with nat and all ports forwarded.

Anyone know another provider i can try where i get a PSTN number to dial?


#9

[quote=“spoonz”]my dlink offers port fowarding and port filtering.

whats the difference?[/quote]
It’s hard to say exactly what the difference is in dlink’s implementation of them, but just as terms, i would interpret them as follows.

Port forwarding = forward to a specified IP address every packet that comes into the interface in question addressed to the port being forwarded.

Port filtering = check various properties of a packet coming into a specified port on the interface in question and do something as a result of that check. That “do something” could be a range of things, including reject, drop, log, forward, forward to some IP address to a different port from from the original destination… etc.

There’s heaps of them! I had a lot of trouble getting Sipgate to work myself - until i got a bit of help from this forum - but i never had any trouble getting Gossiptel to work. However, Gossiptel seem to be having some problems at the moment and last time i checked it wasn’t working at all!

Have a look at

voip-info.org/tiki-index.php?pag … esidential

for a list of ITSPs. That should get you started. There are a lot more than are included in that list though.


#10

Thanks alot Will.

Will try gossiptel just to make sure im not going mad. So although these sites dont offer a “works with asterisk” line they all can be configured to as SIP/IAX etc?

I set up both filrting and forwarding last night and neither worked. When they where enabled my web stopped working so I added 80 to all destinations and that didnt solved so had to disable.

I am assuming that by default the firewall element allows everything out and nothing in? although 80/21/23 etc work with factory defaults!!! strange little boxes.

One area to just confirm. Even though i use nat=yes and externip= i still the ports sorted on my NAT/Firewall?

Thanks Again


#11

That won’t help - you are going mad! :wink:

Yeah, if it’s SIP, you can do it with asterisk. It’s the protocol that matters, not what’s at either end. If you can find an ITSP that works with IAX2, you’re better off as the NAT thing isn’t so much of a problem with IAX. Try voipgate ( voipgate.com ) for a european one - it works fine for me with asterisk and IAX2.

What do you mean you added 80 to all destinations??? Are you sure you’re doing this NAT business right?

That’s what i’d expect. but then i don’t know anything about that particular router.

What do you mean, they work? Surely there’s no way that they can be set up for inwards NAT by default - where would they be forwarded to???

I guess you left out “need” or something, in that sentence.

Yeah, to get SIP working with NAT, you’ve got to get the NAT configured properly, externip set to the correct internet-routable IP address for your gateway (router, whatever), and set nat=yes in the relevant place(s).

I think you’d better post exactly what you’re configuring your NAT with. It’s a bit difficult, that one, because without knowing the particular router, it can be hard to tell what’s going on. But it’s worth a look, because it sounds like that’s your problem.


#12

im pretty sure that * is configured correctly.

Your right i dont get this NAT thing i think.

  1. My router works fine for web/ftp etc with no config on at all.

  2. so i enable port forwarding and enter all the correct ports etc for sip to go from any host to my * asterisk server and set to “if not matched = block”

  3. no joy and too boot my web is cut off.

ill dump screenshots later and post so people can get a better idea and in mean time try IAX2 and another sip provider.

Thanks Again


#13

right,

i added gossiptel and thats had np joy, but that could be because they are screwed at moment.

at cli i type “show sip peers” its says both online but unmonitored.

“sip show registry” no entries

heres a snap of my current firewall config, Ive read 3 dlink manuals now and they provide no distinction between filtering/forwarding/redirection and no clue at all what the router blocks/allows as default. useless. Im sure its a schoolboy error just cant see it :frowning:

REDIRECTION/FOWARDING

FILTERING enabled to pass all as far as I can see


#14

UPDATE

found some dodgy duplicated lines in my sip.conf after a thorough tidy.

now “sip show registry” shows

host username refresh state

state is stuck on “request sent”


#15

now getting lots of time out messages from registry process

getting better as now seems to be saying im trying at least

sniffed with ethereal and will post, if someone who knows what they are on about could look, would be much appreciated!


#16

No, don’t post the ethereal output just yet.

Looking at your router setup, i’m not sure it’s port redirection that you want to be using. What you need to be doing is NAT (or NAPT, rather than NAT, if there’s a choice). However, it’s hard to work out because i can’t see your router’s NAT config screen! :wink:

A suggestion. Disable port forwarding, disable filtering, enable NA§T and configure that with the ports you’ve got configured in the port forwarding at the moment - if that’s the way the config works…

Your port list is pretty similar to what mine was when i was doing that at my router - i’m not any more because it was a pain in the arse. Here’s my list:

ID Public Port - Start Public Port - End Private Port Port Type Host IP Address
1 5060 5060 5060 UDP 192.168.0.3
2 5004 5004 5004 UDP 192.168.0.3
3 10000 10000 10000 UDP 192.168.0.3
4 3478 3478 3478 UDP 192.168.0.3
5 4569 4569 4569 TCP 192.168.0.3
6 8000 8012 8000 UDP 192.168.0.3

Thinking about it, it is worth mentioning the way i’m doing it now, as it’s so much easier and works so much better.

I’m using my modem/router in bridging mode - i.e., not doing the PPPoE side of it, just the ATM. I’ve got a single cable between the router and a dedicated ethernet port on my gateway/asterisk server and running PPPoE on the gateway machine - along with a firewall. That way, the ppp interface on that machine is always a non-NAT’ed connection to the internet, with an internet-routable IP address and i don’t have to mess around with that NAT nonsense. It works so much better and is easier as i don’t have to keep track of the external IP address (“externip” in sip.conf).

Your internet connection may be PPPoATM, rather than PPPoE (if you’re in the UK, for example) and i’m not quite sure what you use to do the same thing if it is - but it shouldn’t be any harder. It’s definitely worth investigating if you’re running asterisk on ADSL. It does mean that if you’ve got other computers using the ADSL connection, you need a second ethernet card in your asterisk box and a separate ethernet switch, but it’s worth it to get rid of the headache!


#17

Interesting

  1. How does the filtering/firewall work in DSL-500/504? How do I set it up?
    Ans:
    From LAN to WAN:
    LAN -> Filter -> NAT -> WAN

From WAN to LAN:
LAN <- Filter <- NAT (1.Port Redirection, 2.DMZ) <- WAN


#18

[quote=“spoonz”]From LAN to WAN:
LAN -> Filter -> NAT -> WAN

From WAN to LAN:
LAN <- Filter <- NAT (1.Port Redirection, 2.DMZ) <- WAN[/quote]
Yeah, that makes sense (sort of…)

Incoming packets from the internet (WAN) first go through NAT and are then filtered - so filtering is done on their post-NAT destination etc, rather than their source destination (if that makes any sense!) etc. It is a bit strange that outgoing packets are filtered before NAT (although maybe not so strange…) I suppose they had to pick one or the other - it’s a bit arbitrary really.

But the implication of the above is that port redirection is part of NAT. What happens in the port redirection config screen?


#19

I dont really understand the PPoE side of things and dont want to set this up on linux if avoidable.

from the looks of it wan -> redirect needed ports -> NAT -> * should work!

i have no other options on NAT screen, other than multiple NAT? dont know what that does!


#20

Fair enough - but it may save you a lot of hassle in the long run. It’s actually quite easy - if you’re connecting using PPPoE, anyway. Where are you?

Yes, it should… But isn’t that what you’ve been doing?

Other options other than what? What does the NAT screen say?