Trouble receiving calls

Here are my firewall rules, using Amazon EC2:


ICMP
Port (Service)	Source	Action
ALL	0.0.0.0/0	Delete
TCP
Port (Service)	Source	Action
22 (SSH)	0.0.0.0/0	Delete
80 (HTTP)	0.0.0.0/0	Delete
3306 (MYSQL)	0.0.0.0/0	Delete
5060 - 5061	0.0.0.0/0	Delete
8088	0.0.0.0/0	Delete
10000 - 20000	0.0.0.0/0	Delete
UDP
Port (Service)	Source	Action
4569	0.0.0.0/0	Delete
5060	0.0.0.0/0

I tried a call from a SIP phone out, and still no sound.

What’s the default action for UDP?

You might want to note that blocking all ICMP removes useful diagnostics and quite simply breaks some TCP functions - it can cause TCP connections to stall due to suppressing the fragmentation required responses needed by Path MTU Discovery, although that won’t affect the UDP used here.

I would think this is a router issue. The info you posted about your router rules doesn’t give me much info as to whether it’s done correctly. Who is the manufacturer of your router? Do you know how to use Wireshark? That will give you an idea if the router is set up correctly.

Basically 5060 and 10000-20000 need to be port forwarded to the PBX. By your setup I see nowhere it’s being port forwarded.

10000-20000 is used for sound. Most no-way audio problems come from this.

Michael
Houston

The info I posted there are the open ports in my security settings. The box is running on Amazon EC2, so that is basically saying that these ports are open for connections. Whether connections to these ports will be sent to the box is another issue, however I don’t see why they would not. To get HTTP/SSH running, all I had to do was open that port and connections to the IP address went through fine, so I would assume that it is the same for the other ports too.

For UDP, everything apart from 4569 and 5060 will be blocked. Is this wrong?

I’m aware of Wireshark, but don’t have that much experience with it. Some guidance on this would be helpful.

Yes. That will result in no inbound audio.

I’ve opened up 0 - 65535 for UDP, I’ll test again and see how it goes.

UDP needs to be allowed and - additionally - forwarded to the Asterisk box, otherwise voice will never ever work.

Yep! That did it, fantastic! Thanks so much for everyone’s help! For the record, it was the ports, and it was EC2, so all that needed to happen was to open them up and data would be able to get through to the box, as on EC2 you don’t need to point the ports anywhere if you just have one box/IP and one firewall.

The sound seemed to be a bit laggy, but I’m sure that is just because of the speed of the box.
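
Added example, not part of the thread: a small audit of the rule set posted above, showing that the original rules leave the UDP audio range 10000-20000 closed (it was opened for TCP only) and how many extra UDP ports the 0 - 65535 fix exposes compared with opening just that range. The rule tuples are constructed from the posted table, and the `NEEDED_UDP` mapping and function names are assumptions made for this example.

```python
# Rules are (protocol, first_port, last_port), all with source 0.0.0.0/0,
# constructed from the table in the first post.
POSTED = [("tcp", 22, 22), ("tcp", 80, 80), ("tcp", 3306, 3306),
          ("tcp", 5060, 5061), ("tcp", 8088, 8088), ("tcp", 10000, 20000),
          ("udp", 4569, 4569), ("udp", 5060, 5060)]
AS_FIXED = POSTED + [("udp", 0, 65535)]    # what the poster ended up with
NARROW = POSTED + [("udp", 10000, 20000)]  # only the range named in the replies

# Inbound UDP the PBX needs: 5060 and 10000-20000 come from the replies;
# 4569 (IAX2) is kept because the poster had already opened it.
NEEDED_UDP = {"SIP": (5060, 5060), "IAX2": (4569, 4569), "audio": (10000, 20000)}


def gaps(rules, proto, lo, hi):
    """Return the sub-ranges of lo..hi that no rule for proto allows."""
    missing, cursor = [], lo
    for a, b in sorted((a, b) for p, a, b in rules if p == proto):
        if b < cursor:
            continue            # rule ends before the part still unchecked
        if a > hi:
            break               # rule starts past the range of interest
        if a > cursor:
            missing.append((cursor, a - 1))
        cursor = b + 1
        if cursor > hi:
            break
    if cursor <= hi:
        missing.append((cursor, hi))
    return missing


def audit(rules):
    """Map each needed service to the UDP ports still blocked (empty = fine)."""
    found = {n: gaps(rules, "udp", lo, hi) for n, (lo, hi) in NEEDED_UDP.items()}
    return {name: g for name, g in found.items() if g}


def excess_udp(rules):
    """Count UDP ports open to the world that the PBX does not need."""
    opened = {p for proto, a, b in rules if proto == "udp" for p in range(a, b + 1)}
    needed = {p for lo, hi in NEEDED_UDP.values() for p in range(lo, hi + 1)}
    return len(opened - needed)


if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("as fixed", AS_FIXED), ("narrow", NARROW)):
        print(label, "blocked:", audit(rules), "excess UDP ports:", excess_udp(rules))
```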