asterisk users - Jan 2012 - NAT/IPTABLES workarounds

Hello List,

                   I work in an environment where I have to request IPTABLES
changes rather than doing them myself.  Is there a way to utilize my SSH
(port 22) to get a functional (and with good sound) Asterisk installation
with multiple channels up without requesting the 5060(SIP) 5061 (TLS) and
UDP/RTP (usually 10001-20000) IPTABLES allowances?

 

Thanks

Danny Nicholas

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20120103/ca1ae53a/attachment.htm>

On 03-01-12 16:24, Danny Nicholas wrote:
> Hello List,
>
> I work in an environment where I have to request IPTABLES changes rather
> than doing them myself. Is there a way to utilize my SSH (port 22) to
> get a functional (and with good sound) Asterisk installation with
> multiple channels up without requesting the 5060(SIP) 5061 (TLS) and
> UDP/RTP (usually 10001-20000) IPTABLES allowances?
Not with SIP as it needs a port for signaling (usually 5060) and RTP 
ports for sending the actual voice packets. So for SIP you will always 
need multiple ports. If you can use IAX then you could use port 22 as 
IAX only needs one port. The question is how are you going to SSH into 
the box if you use the SSH port for Asterisk?

Regards,
Patrick

On 01/03/2012 10:03 AM, Patrick Lists wrote:
> On 03-01-12 16:24, Danny Nicholas wrote:
>> Hello List,
>>
>> I work in an environment where I have to request IPTABLES changes
rather
>> than doing them myself. Is there a way to utilize my SSH (port 22) to
>> get a functional (and with good sound) Asterisk installation with
>> multiple channels up without requesting the 5060(SIP) 5061 (TLS) and
>> UDP/RTP (usually 10001-20000) IPTABLES allowances?
>
> Not with SIP as it needs a port for signaling (usually 5060) and RTP
> ports for sending the actual voice packets. So for SIP you will always
> need multiple ports. If you can use IAX then you could use port 22 as
> IAX only needs one port. The question is how are you going to SSH into
> the box if you use the SSH port for Asterisk?
It is not practical (although not impossible) to run UDP over an SSH 
tunnel. Since VoIP media is generally transported over UDP, this will be 
a major obstacle.

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org

Are you talking about having an SSH tunnel and route your SIP traffic
through it !!?

On Thu, Jan 5, 2012 at 4:20 AM, Kevin P. Fleming <kpfleming at
digium.com>wrote:
> On 01/03/2012 10:03 AM, Patrick Lists wrote:
>
>> On 03-01-12 16:24, Danny Nicholas wrote:
>>
>>> Hello List,
>>>
>>> I work in an environment where I have to request IPTABLES changes
rather
>>> than doing them myself. Is there a way to utilize my SSH (port 22)
to
>>> get a functional (and with good sound) Asterisk installation with
>>> multiple channels up without requesting the 5060(SIP) 5061 (TLS)
and
>>> UDP/RTP (usually 10001-20000) IPTABLES allowances?
>>>
>>
>> Not with SIP as it needs a port for signaling (usually 5060) and RTP
>> ports for sending the actual voice packets. So for SIP you will always
>> need multiple ports. If you can use IAX then you could use port 22 as
>> IAX only needs one port. The question is how are you going to SSH into
>> the box if you use the SSH port for Asterisk?
>>
>
> It is not practical (although not impossible) to run UDP over an SSH
> tunnel. Since VoIP media is generally transported over UDP, this will be a
> major obstacle.
>
> --
> Kevin P. Fleming
> Digium, Inc. | Director of Software Technologies
> Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype:
kpfleming
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
> Check us out at www.digium.com & www.asterisk.org
>
>
> --
> ______________________________**______________________________**_________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>              http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> 
http://lists.digium.com/**mailman/listinfo/asterisk-**users<http://lists.digium.com/mailman/listinfo/asterisk-users>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20120105/e2c72157/attachment.htm>