Thats not how TCP works, if I recall correctly (someone correct me if I am wrong please). I use IAX through our sonicwall flawlessly, altho I do have that single port open. You may need to create the a new services entry, and specify LAN OUT on the sonicwall, to let it back in. I would just forward the port, cause its not like its got any security issues... (right???) Now SIP on the otherhand... ugh. DH Rich Adamson wrote:>Current dev cvs install on two systems. System A is behind a SonicWall >firewall, and system B is on a registered IP address. (System B has >multiple iax links that are fully functional to multiple locations.) > >System A is correctly registering with System B, with no special firewall >rules. > >Should System B be able to take advantage of the "registration" to send >iax/gsm calls to System A without installing any firewall rules? > >I assumed it could, but an ethereal trace indicates a new call is >placed from B -> A, but A never acknowledges the iax2 packet, etc. > >The trace suggests the registration is happening with > src port 28277 (or whatever) -> dest port 4569 >however, calls are processed with > src port 4569 and dest port 4569 > >Shouldn't we expect src=4569 and dest=4569 on all iax2 interactions? > >Rich > > > > >_______________________________________________ >Asterisk-Users mailing list >Asterisk-Users@lists.digium.com >http://lists.digium.com/mailman/listinfo/asterisk-users >To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > >
At 8:23 PM -0600 on 5/12/04, Rich Adamson wrote:>Current dev cvs install on two systems. System A is behind a SonicWall >firewall, and system B is on a registered IP address. (System B has >multiple iax links that are fully functional to multiple locations.) > >System A is correctly registering with System B, with no special firewall >rules. > >Should System B be able to take advantage of the "registration" to send >iax/gsm calls to System A without installing any firewall rules? > >I assumed it could, but an ethereal trace indicates a new call is >placed from B -> A, but A never acknowledges the iax2 packet, etc. > >The trace suggests the registration is happening with > src port 28277 (or whatever) -> dest port 4569 >however, calls are processed with > src port 4569 and dest port 4569 > >Shouldn't we expect src=4569 and dest=4569 on all iax2 interactions? > >RichIf src=4569 and dst=4569 always, then it would be impossible to have more than one IAX2 talker behind a firewall talking to an external Asterisk server, right? There would be no method by which the firewall would "know" which packet was destined for what device inside the firewall, since the source port and destination port would be the same for each "connection". I'm not thinking this through completely, and it seems like there is a flaw in this argument... but with UDP, there is no sequence number that should have attention paid to it (like TCP) so... er... someone tell me why this is incorrect. note: firewall in this case is really "NAT", right? JT
Current dev cvs install on two systems. System A is behind a SonicWall firewall, and system B is on a registered IP address. (System B has multiple iax links that are fully functional to multiple locations.) System A is correctly registering with System B, with no special firewall rules. Should System B be able to take advantage of the "registration" to send iax/gsm calls to System A without installing any firewall rules? I assumed it could, but an ethereal trace indicates a new call is placed from B -> A, but A never acknowledges the iax2 packet, etc. The trace suggests the registration is happening with src port 28277 (or whatever) -> dest port 4569 however, calls are processed with src port 4569 and dest port 4569 Shouldn't we expect src=4569 and dest=4569 on all iax2 interactions? Rich