I am attempting to set up xten voip softphone on an internal machine at 192.168.3.240. Using mandriva 2005 with shorewall with the flowing config rules ACCEPT loc:192.168.3.240 net udp 5060 ACCEPT loc:192.168.3.240 net tcp 5060 ACCEPT loc:192.168.3.240 net udp 8000:8020 8000:8020 ACCEPT loc:192.168.3.240 net udp 16384:23384 16384:23384 ACCEPT net loc:192.168.3.240 tcp 5060 ACCEPT net loc:192.168.3.240 udp 5060 ACCEPT net loc:192.168.3.240 udp 8000:8020 8000:8020 ACCEPT net loc:192.168.3.240 udp 16384:23384 16384:23384 interfaces net ppp+ detect loc eth0 detect net eth1 detect masq ppp+ 192.168.3.0/255.255.255.0 The XtenPRO fails to login. If the firewall is bypassed the XtenPro works fine. Have tried to port scan from outside my firewall using www.grc.com port scanner. All of the above ports are not open. Thanks Philip Immoos ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
I think you need to DNAT the ports... DNAT loc:192.168.3.240 net udp 5060 and so on.. ----- Original Message ----- From: "Philip Immoos" <philip@immoos.homelinux.net> To: <shorewall-users@lists.sourceforge.net> Sent: Saturday, January 07, 2006 2:08 AM Subject: [Shorewall-users] Portforward for voip>I am attempting to set up xten voip softphone on an internal machine at >192.168.3.240. > Using mandriva 2005 with shorewall with the flowing config > > rules > ACCEPT loc:192.168.3.240 net udp 5060 > ACCEPT loc:192.168.3.240 net tcp 5060 > ACCEPT loc:192.168.3.240 net udp 8000:8020 8000:8020 > ACCEPT loc:192.168.3.240 net udp 16384:23384 16384:23384 > > ACCEPT net loc:192.168.3.240 tcp 5060 > ACCEPT net loc:192.168.3.240 udp 5060 > ACCEPT net loc:192.168.3.240 udp 8000:8020 8000:8020 > ACCEPT net loc:192.168.3.240 udp 16384:23384 16384:23384 > > > interfaces > > net ppp+ detect > loc eth0 detect > net eth1 detect > > masq > > ppp+ 192.168.3.0/255.255.255.0 > > The XtenPRO fails to login. If the firewall is bypassed the XtenPro works > fine. > > Have tried to port scan from outside my firewall using www.grc.com port > scanner. All of the above ports are not open. > > > Thanks Philip Immoos > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log > files > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
After some reading I found some one said to do the flowing but still with no luck DNAT net loc:192.168.3.240 tcp 5060 - $PPP0 DNAT net loc:192.168.3.240 udp 5060 - $PPP0 DNAT net loc:192.168.3.240 udp 8000:8020 8000:8020 - $PPP0 DNAT net loc:192.168.3.240 udp 16384:23384 16384:23384 - $PPP0 The XtenPRO fails to login any other ideas please Thanks again On 07/01/2006, at 6:50 PM, Gary E. Terry wrote:> I think you need to DNAT the ports... > > DNAT loc:192.168.3.240 net udp 5060 > > and so on.. > > ----- Original Message ----- From: "Philip Immoos" > <philip@immoos.homelinux.net> > To: <shorewall-users@lists.sourceforge.net> > Sent: Saturday, January 07, 2006 2:08 AM > Subject: [Shorewall-users] Portforward for voip > > >> I am attempting to set up xten voip softphone on an internal >> machine at 192.168.3.240. >> Using mandriva 2005 with shorewall with the flowing config >> >> rules >> ACCEPT loc:192.168.3.240 net udp 5060 >> ACCEPT loc:192.168.3.240 net tcp 5060 >> ACCEPT loc:192.168.3.240 net udp 8000:8020 8000:8020 >> ACCEPT loc:192.168.3.240 net udp 16384:23384 >> 16384:23384 >> >> ACCEPT net loc:192.168.3.240 tcp 5060 >> ACCEPT net loc:192.168.3.240 udp 5060 >> ACCEPT net loc:192.168.3.240 udp 8000:8020 8000:8020 >> ACCEPT net loc:192.168.3.240 udp 16384:23384 >> 16384:23384 >> >> >> interfaces >> >> net ppp+ detect >> loc eth0 detect >> net eth1 detect >> >> masq >> >> ppp+ 192.168.3.0/255.255.255.0 >> >> The XtenPRO fails to login. If the firewall is bypassed the >> XtenPro works fine. >> >> Have tried to port scan from outside my firewall using >> www.grc.com port scanner. All of the above ports are not open. >> >> >> Thanks Philip Immoos >> >> >> ------------------------------------------------------- >> This SF.net email is sponsored by: Splunk Inc. Do you grep through >> log files >> for problems? Stop! Download the new AJAX search engine that makes >> searching your log files as easy as surfing the web. DOWNLOAD >> SPLUNK! >> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click >> _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through > log files > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD > SPLUNK! > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
hope i maby can help u i don''t have voip but i''m thinking of taking it. what i think, voip just uses a number of ports udp and tcp i don''t know what ports ur voip uses. but the way to put the connections open is like this: DNAT net loc:192.168.3.240 tcp 5060 DNAT net loc:192.168.3.240 udp 5060 DNAT net loc:192.168.3.240 tcp 5060,5061,5062 DNAT net loc:192.168.3.240 udp 5063:5100 this is what u use when u wanna open a tcp port on 5060. u have to search on the internet or what ever what ports and protocols u are using to solve this problem what u maby can try is put everything open on the 192.168.3.240 and look if that will work hope this will get u started. 2006/1/9, Philip Immoos <philip@immoos.homelinux.net>:> > After some reading I found some one said to do the flowing but still > with no luck > > DNAT net loc:192.168.3.240 tcp 5060 - $PPP0 > DNAT net loc:192.168.3.240 udp 5060 - $PPP0 > DNAT net loc:192.168.3.240 udp 8000:8020 > 8000:8020 - $PPP0 > DNAT net loc:192.168.3.240 udp 16384:23384 > 16384:23384 - $PPP0 > > The XtenPRO fails to login any other ideas please > > Thanks again > > On 07/01/2006, at 6:50 PM, Gary E. Terry wrote: > > > I think you need to DNAT the ports... > > > > DNAT loc:192.168.3.240 net udp 5060 > > > > and so on.. > > > > ----- Original Message ----- From: "Philip Immoos" > > <philip@immoos.homelinux.net> > > To: <shorewall-users@lists.sourceforge.net> > > Sent: Saturday, January 07, 2006 2:08 AM > > Subject: [Shorewall-users] Portforward for voip > > > > > >> I am attempting to set up xten voip softphone on an internal > >> machine at 192.168.3.240. > >> Using mandriva 2005 with shorewall with the flowing config > >> > >> rules > >> ACCEPT loc:192.168.3.240 net udp 5060 > >> ACCEPT loc:192.168.3.240 net tcp 5060 > >> ACCEPT loc:192.168.3.240 net udp 8000:8020 8000:8020 > >> ACCEPT loc:192.168.3.240 net udp 16384:23384 > >> 16384:23384 > >> > >> ACCEPT net loc:192.168.3.240 tcp 5060 > >> ACCEPT net loc:192.168.3.240 udp 5060 > >> ACCEPT net loc:192.168.3.240 udp 8000:8020 8000:8020 > >> ACCEPT net loc:192.168.3.240 udp 16384:23384 > >> 16384:23384 > >> > >> > >> interfaces > >> > >> net ppp+ detect > >> loc eth0 detect > >> net eth1 detect > >> > >> masq > >> > >> ppp+ 192.168.3.0/255.255.255.0 > >> > >> The XtenPRO fails to login. If the firewall is bypassed the > >> XtenPro works fine. > >> > >> Have tried to port scan from outside my firewall using > >> www.grc.com port scanner. All of the above ports are not open. > >> > >> > >> Thanks Philip Immoos > >> > >> > >> ------------------------------------------------------- > >> This SF.net email is sponsored by: Splunk Inc. Do you grep through > >> log files > >> for problems? Stop! Download the new AJAX search engine that makes > >> searching your log files as easy as surfing the web. DOWNLOAD > >> SPLUNK! > >> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > >> _______________________________________________ > >> Shorewall-users mailing list > >> Shorewall-users@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: Splunk Inc. Do you grep through > > log files > > for problems? Stop! Download the new AJAX search engine that makes > > searching your log files as easy as surfing the web. DOWNLOAD > > SPLUNK! > > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > > _______________________________________________ > > Shorewall-users mailing list > > Shorewall-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log > files > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >-- Gr. SteZZz
Hello
the VoIP ports all depends on the protocol you are using
are you using
i) H323
ii) SIP
iii) AIX (Asterisk)
each of which has it''s own stack of ports, H323 is not that comptaible
with NAT as it uses many dynamic high ports, but H323 version 2.0 is better
SIP is much better
AIX is the most friendly with NAT
Kind Regards
Samer
----- Original Message -----
From: SteZZz
To: shorewall-users@lists.sourceforge.net
Sent: Monday, January 09, 2006 2:58 PM
Subject: Re: [Shorewall-users] Portforward for voip
hope i maby can help u
i don''t have voip but i''m thinking of taking it.
what i think, voip just uses a number of ports udp and tcp
i don''t know what ports ur voip uses. but the way to put the
connections open is like this:
DNAT net loc:192.168.3.240 tcp 5060
DNAT net loc:192.168.3.240 udp 5060
DNAT net loc:192.168.3.240 tcp 5060,5061,5062
DNAT net loc:192.168.3.240 udp 5063:5100
this is what u use when u wanna open a tcp port on 5060.
u have to search on the internet or what ever what ports and protocols u are
using to solve this problem
what u maby can try is put everything open on the 192.168.3.240 and look if
that will work
hope this will get u started.
2006/1/9, Philip Immoos <philip@immoos.homelinux.net>:
After some reading I found some one said to do the flowing but still
with no luck
DNAT net loc: 192.168.3.240 tcp 5060 - $PPP0
DNAT net loc:192.168.3.240 udp 5060 - $PPP0
DNAT net loc: 192.168.3.240 udp 8000:8020
8000:8020 - $PPP0
DNAT net loc:192.168.3.240 udp 16384:23384
16384:23384 - $PPP0
The XtenPRO fails to login any other ideas please
Thanks again
On 07/01/2006, at 6:50 PM, Gary E. Terry wrote:
> I think you need to DNAT the ports...
>
> DNAT loc:192.168.3.240 net udp 5060
>
> and so on..
>
> ----- Original Message ----- From: "Philip Immoos"
> <philip@immoos.homelinux.net>
> To: < shorewall-users@lists.sourceforge.net>
> Sent: Saturday, January 07, 2006 2:08 AM
> Subject: [Shorewall-users] Portforward for voip
>
>
>> I am attempting to set up xten voip softphone on an internal
>> machine at 192.168.3.240.
>> Using mandriva 2005 with shorewall with the flowing config
>>
>> rules
>> ACCEPT loc: 192.168.3.240 net udp 5060
>> ACCEPT loc:192.168.3.240 net tcp 5060
>> ACCEPT loc:192.168.3.240 net udp 8000:8020 8000:8020
>> ACCEPT loc:192.168.3.240 net udp 16384:23384
>> 16384:23384
>>
>> ACCEPT net loc:192.168.3.240 tcp 5060
>> ACCEPT net loc:192.168.3.240 udp 5060
>> ACCEPT net loc:192.168.3.240 udp 8000:8020 8000:8020
>> ACCEPT net loc:192.168.3.240 udp 16384:23384
>> 16384:23384
>>
>>
>> interfaces
>>
>> net ppp+ detect
>> loc eth0 detect
>> net eth1 detect
>>
>> masq
>>
>> ppp+ 192.168.3.0/255.255.255.0
>>
>> The XtenPRO fails to login. If the firewall is bypassed the
>> XtenPro works fine.
>>
>> Have tried to port scan from outside my firewall using
>> www.grc.com port scanner. All of the above ports are not open.
>>
>>
>> Thanks Philip Immoos
>>
>>
>> -------------------------------------------------------
>> This SF.net email is sponsored by: Splunk Inc. Do you grep through
>> log files
>> for problems? Stop! Download the new AJAX search engine that
makes
>> searching your log files as easy as surfing the web. DOWNLOAD
>> SPLUNK!
>> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
>> _______________________________________________
>> Shorewall-users mailing list
>> Shorewall-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through
> log files
> for problems? Stop! Download the new AJAX search engine that makes
> searching your log files as easy as surfing the web. DOWNLOAD
> SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
--
Gr. SteZZz
For my X-Lite sip clients for my Asterisk server I must use these rules. ACCEPT loc dmz udp 5060:5082 ACCEPT loc dmz udp 10000:20000 ACCEPT loc dmz tcp 22,80,443,4445,5060 You would have to change them to dnat, but those are the ports my X-Lite and Asterisk will work with. Todd Samer Azmy wrote:> Hello > > the VoIP ports all depends on the protocol you are using > > are you using > i) H323 > ii) SIP > iii) AIX (Asterisk) > > each of which has it''s own stack of ports, H323 is not that comptaible > with NAT as it uses many dynamic high ports, but H323 version 2.0 is > better > > SIP is much better > AIX is the most friendly with NAT > > Kind Regards > Samer > > ----- Original Message ----- > *From:* SteZZz <mailto:stezzz@gmail.com> > *To:* shorewall-users@lists.sourceforge.net > <mailto:shorewall-users@lists.sourceforge.net> > *Sent:* Monday, January 09, 2006 2:58 PM > *Subject:* Re: [Shorewall-users] Portforward for voip > > hope i maby can help u > i don''t have voip but i''m thinking of taking it. > what i think, voip just uses a number of ports udp and tcp > i don''t know what ports ur voip uses. but the way to put the > connections open is like this: > > DNAT net loc:192.168.3.240 > <http://192.168.3.240> tcp 5060 > DNAT net loc:192.168.3.240 > <http://192.168.3.240> udp 5060 > DNAT net loc:192.168.3.240 > <http://192.168.3.240> tcp 5060,5061,5062 > DNAT net loc:192.168.3.240 > <http://192.168.3.240> udp 5063:5100 > > this is what u use when u wanna open a tcp port on 5060. > u have to search on the internet or what ever what ports and > protocols u are using to solve this problem > > what u maby can try is put everything open on the 192.168.3.240 > <http://192.168.3.240> and look if that will work > > hope this will get u started. > > > 2006/1/9, Philip Immoos <philip@immoos.homelinux.net > <mailto:philip@immoos.homelinux.net>>: > > After some reading I found some one said to do the flowing but > still > with no luck > > DNAT net loc: 192.168.3.240 > <http://192.168.3.240> tcp 5060 - $PPP0 > DNAT net loc:192.168.3.240 <http://192.168.3.240> > udp 5060 - $PPP0 > DNAT net loc: 192.168.3.240 > <http://192.168.3.240> udp 8000:8020 > 8000:8020 - $PPP0 > DNAT net loc:192.168.3.240 <http://192.168.3.240> > udp 16384:23384 > 16384:23384 - $PPP0 > > The XtenPRO fails to login any other ideas please > > Thanks again > > On 07/01/2006, at 6:50 PM, Gary E. Terry wrote: > > > I think you need to DNAT the ports... > > > > DNAT loc:192.168.3.240 <http://192.168.3.240> net > udp 5060 > > > > and so on.. > > > > ----- Original Message ----- From: "Philip Immoos" > > <philip@immoos.homelinux.net > <mailto:philip@immoos.homelinux.net>> > > To: < shorewall-users@lists.sourceforge.net > <mailto:shorewall-users@lists.sourceforge.net>> > > Sent: Saturday, January 07, 2006 2:08 AM > > Subject: [Shorewall-users] Portforward for voip > > > > > >> I am attempting to set up xten voip softphone on an internal > >> machine at 192.168.3.240 <http://192.168.3.240>. > >> Using mandriva 2005 with shorewall with the flowing config > >> > >> rules > >> ACCEPT loc: 192.168.3.240 <http://192.168.3.240> > net udp 5060 > >> ACCEPT loc:192.168.3.240 <http://192.168.3.240> > net tcp 5060 > >> ACCEPT loc:192.168.3.240 <http://192.168.3.240> > net udp 8000:8020 8000:8020 > >> ACCEPT loc:192.168.3.240 <http://192.168.3.240> > net udp 16384:23384 > >> 16384:23384 > >> > >> ACCEPT net loc:192.168.3.240 <http://192.168.3.240> > tcp 5060 > >> ACCEPT net loc:192.168.3.240 > <http://192.168.3.240> udp 5060 > >> ACCEPT net loc:192.168.3.240 > <http://192.168.3.240> udp 8000:8020 8000:8020 > >> ACCEPT net loc:192.168.3.240 > <http://192.168.3.240> udp 16384:23384 > >> 16384:23384 > >> > >> > >> interfaces > >> > >> net ppp+ detect > >> loc eth0 detect > >> net eth1 detect > >> > >> masq > >> > >> ppp+ 192.168.3.0/255.255.255.0 > <http://192.168.3.0/255.255.255.0> > >> > >> The XtenPRO fails to login. If the firewall is bypassed the > >> XtenPro works fine. > >> > >> Have tried to port scan from outside my firewall using > >> www.grc.com <http://www.grc.com> port scanner. All of the > above ports are not open. > >> > >> > >> Thanks Philip Immoos > >> > >> > >> ------------------------------------------------------- > >> This SF.net email is sponsored by: Splunk Inc. Do you grep > through > >> log files > >> for problems? Stop! Download the new AJAX search engine > that makes > >> searching your log files as easy as surfing the web. DOWNLOAD > >> SPLUNK! > >> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > <http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click> > >> _______________________________________________ > >> Shorewall-users mailing list > >> Shorewall-users@lists.sourceforge.net > <mailto:Shorewall-users@lists.sourceforge.net> > >> https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: Splunk Inc. Do you grep > through > > log files > > for problems? Stop! Download the new AJAX search engine > that makes > > searching your log files as easy as surfing the web. DOWNLOAD > > SPLUNK! > > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > <http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click> > > _______________________________________________ > > Shorewall-users mailing list > > Shorewall-users@lists.sourceforge.net > <mailto:Shorewall-users@lists.sourceforge.net> > > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep > through log files > for problems? Stop! Download the new AJAX search engine that > makes > searching your log files as easy as surfing > the web. DOWNLOAD SPLUNK! > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > <http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click> > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > <mailto:Shorewall-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > > > -- > Gr. SteZZz >------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
The VOIP is the xten softphone which uses SIP. XtenPRO or Lite will not login to the engin service provider but the the xten lite with an inphonex service provider works fine with my firewall. I even have 2 Xten lite setup on my network with inphonex service provider and it works. So it appers that the NAT is what is going on for inphonex and some thing else for engin. Thanks again On 10/01/2006, at 2:23 AM, Samer Azmy wrote:> Hello > > the VoIP ports all depends on the protocol you are using > > are you using > i) H323 > ii) SIP > iii) AIX (Asterisk) > > each of which has it''s own stack of ports, H323 is not that > comptaible with NAT as it uses many dynamic high ports, but H323 > version 2.0 is better > > SIP is much better > AIX is the most friendly with NAT > > Kind Regards > Samer > ----- Original Message ----- > From: SteZZz > To: shorewall-users@lists.sourceforge.net > Sent: Monday, January 09, 2006 2:58 PM > Subject: Re: [Shorewall-users] Portforward for voip > > hope i maby can help u > i don''t have voip but i''m thinking of taking it. > what i think, voip just uses a number of ports udp and tcp > i don''t know what ports ur voip uses. but the way to put the > connections open is like this: > > DNAT net loc:192.168.3.240 tcp 5060 > DNAT net loc:192.168.3.240 udp 5060 > DNAT net loc:192.168.3.240 tcp > 5060,5061,5062 > DNAT net loc:192.168.3.240 udp 5063:5100 > > this is what u use when u wanna open a tcp port on 5060. > u have to search on the internet or what ever what ports and > protocols u are using to solve this problem > > what u maby can try is put everything open on the 192.168.3.240 and > look if that will work > > hope this will get u started. > > > 2006/1/9, Philip Immoos <philip@immoos.homelinux.net>: > After some reading I found some one said to do the flowing but still > with no luck > > DNAT net loc: 192.168.3.240 tcp 5060 - $PPP0 > DNAT net loc:192.168.3.240 udp 5060 - $PPP0 > DNAT net loc: 192.168.3.240 udp 8000:8020 > 8000:8020 - $PPP0 > DNAT net loc:192.168.3.240 udp 16384:23384 > 16384:23384 - $PPP0 > > The XtenPRO fails to login any other ideas please > > Thanks again > > On 07/01/2006, at 6:50 PM, Gary E. Terry wrote: > > > I think you need to DNAT the ports... > > > > DNAT loc:192.168.3.240 net udp 5060 > > > > and so on.. > > > > ----- Original Message ----- From: "Philip Immoos" > > <philip@immoos.homelinux.net> > > To: < shorewall-users@lists.sourceforge.net> > > Sent: Saturday, January 07, 2006 2:08 AM > > Subject: [Shorewall-users] Portforward for voip > > > > > >> I am attempting to set up xten voip softphone on an internal > >> machine at 192.168.3.240. > >> Using mandriva 2005 with shorewall with the flowing config > >> > >> rules > >> ACCEPT loc: 192.168.3.240 net udp 5060 > >> ACCEPT loc:192.168.3.240 net tcp 5060 > >> ACCEPT loc:192.168.3.240 net udp 8000:8020 8000:8020 > >> ACCEPT loc:192.168.3.240 net udp 16384:23384 > >> 16384:23384 > >> > >> ACCEPT net loc:192.168.3.240 tcp 5060 > >> ACCEPT net loc:192.168.3.240 udp 5060 > >> ACCEPT net loc:192.168.3.240 udp 8000:8020 8000:8020 > >> ACCEPT net loc:192.168.3.240 udp 16384:23384 > >> 16384:23384 > >> > >> > >> interfaces > >> > >> net ppp+ detect > >> loc eth0 detect > >> net eth1 detect > >> > >> masq > >> > >> ppp+ 192.168.3.0/255.255.255.0 > >> > >> The XtenPRO fails to login. If the firewall is bypassed the > >> XtenPro works fine. > >> > >> Have tried to port scan from outside my firewall using > >> www.grc.com port scanner. All of the above ports are not open. > >> > >> > >> Thanks Philip Immoos > >> > >> > >> ------------------------------------------------------- > >> This SF.net email is sponsored by: Splunk Inc. Do you grep through > >> log files > >> for problems? Stop! Download the new AJAX search engine that > makes > >> searching your log files as easy as surfing the web. DOWNLOAD > >> SPLUNK! > >> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > >> _______________________________________________ > >> Shorewall-users mailing list > >> Shorewall-users@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: Splunk Inc. Do you grep through > > log files > > for problems? Stop! Download the new AJAX search engine that makes > > searching your log files as easy as surfing the web. DOWNLOAD > > SPLUNK! > > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > > _______________________________________________ > > Shorewall-users mailing list > > Shorewall-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through > log files > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD > SPLUNK! > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > > -- > Gr. SteZZz >
Look at the settings the x- clients use the STUN protocol to get around nat. This gets the public ip on your internet connection. You might have to play with these settings under "system settings>network." You can force the firewall type and specify settings in that menu. Todd Philip Immoos wrote:> The VOIP is the xten softphone which uses SIP. > > XtenPRO or Lite will not login to the engin service provider but the > the xten lite with an inphonex service provider works fine with my > firewall. I even have 2 Xten lite setup on my network with inphonex > service provider and it works. So it appers that the NAT is what is > going on for inphonex and some thing else for engin. > > Thanks again > > > On 10/01/2006, at 2:23 AM, Samer Azmy wrote: > >> Hello >> >> the VoIP ports all depends on the protocol you are using >> >> are you using >> i) H323 >> ii) SIP >> iii) AIX (Asterisk) >> >> each of which has it''s own stack of ports, H323 is not that >> comptaible with NAT as it uses many dynamic high ports, but H323 >> version 2.0 is better >> >> SIP is much better >> AIX is the most friendly with NAT >> >> Kind Regards >> Samer >> >> ----- Original Message ----- >> *From:* SteZZz <mailto:stezzz@gmail.com> >> *To:* shorewall-users@lists.sourceforge.net >> <mailto:shorewall-users@lists.sourceforge.net> >> *Sent:* Monday, January 09, 2006 2:58 PM >> *Subject:* Re: [Shorewall-users] Portforward for voip >> >> hope i maby can help u >> i don''t have voip but i''m thinking of taking it. >> what i think, voip just uses a number of ports udp and tcp >> i don''t know what ports ur voip uses. but the way to put the >> connections open is like this: >> >> DNAT net loc:192.168.3.240 >> <http://192.168.3.240> tcp 5060 >> DNAT net loc:192.168.3.240 >> <http://192.168.3.240> udp 5060 >> DNAT net loc:192.168.3.240 >> <http://192.168.3.240> tcp 5060,5061,5062 >> DNAT net loc:192.168.3.240 >> <http://192.168.3.240> udp 5063:5100 >> >> this is what u use when u wanna open a tcp port on 5060. >> u have to search on the internet or what ever what ports and >> protocols u are using to solve this problem >> >> what u maby can try is put everything open on the 192.168.3.240 >> <http://192.168.3.240> and look if that will work >> >> hope this will get u started. >> >> >> 2006/1/9, Philip Immoos <philip@immoos.homelinux.net >> <mailto:philip@immoos.homelinux.net>>: >> >> After some reading I found some one said to do the flowing >> but still >> with no luck >> >> DNAT net loc: 192.168.3.240 >> <http://192.168.3.240> tcp 5060 - $PPP0 >> DNAT net loc:192.168.3.240 >> <http://192.168.3.240> udp 5060 - $PPP0 >> DNAT net loc: 192.168.3.240 >> <http://192.168.3.240> udp 8000:8020 >> 8000:8020 - $PPP0 >> DNAT net loc:192.168.3.240 >> <http://192.168.3.240> udp 16384:23384 >> 16384:23384 - $PPP0 >> >> The XtenPRO fails to login any other ideas please >> >> Thanks again >> >> On 07/01/2006, at 6:50 PM, Gary E. Terry wrote: >> >>> I think you need to DNAT the ports... >>> >>> DNAT loc:192.168.3.240 <http://192.168.3.240> net >> udp 5060 >>> >>> and so on.. >>> >>> ----- Original Message ----- From: "Philip Immoos" >>> <philip@immoos.homelinux.net >> <mailto:philip@immoos.homelinux.net>> >>> To: < shorewall-users@lists.sourceforge.net >> <mailto:shorewall-users@lists.sourceforge.net>> >>> Sent: Saturday, January 07, 2006 2:08 AM >>> Subject: [Shorewall-users] Portforward for voip >>> >>> >>>> I am attempting to set up xten voip softphone on an internal >>>> machine at 192.168.3.240 <http://192.168.3.240>. >>>> Using mandriva 2005 with shorewall with the flowing config >>>> >>>> rules >>>> ACCEPT loc: 192.168.3.240 <http://192.168.3.240> >> net udp 5060 >>>> ACCEPT loc:192.168.3.240 <http://192.168.3.240> >> net tcp 5060 >>>> ACCEPT loc:192.168.3.240 <http://192.168.3.240> >> net udp 8000:8020 8000:8020 >>>> ACCEPT loc:192.168.3.240 <http://192.168.3.240> >> net udp 16384:23384 >>>> 16384:23384 >>>> >>>> ACCEPT net loc:192.168.3.240 >> <http://192.168.3.240> tcp 5060 >>>> ACCEPT net loc:192.168.3.240 >> <http://192.168.3.240> udp 5060 >>>> ACCEPT net loc:192.168.3.240 >> <http://192.168.3.240> udp 8000:8020 8000:8020 >>>> ACCEPT net loc:192.168.3.240 >> <http://192.168.3.240> udp 16384:23384 >>>> 16384:23384 >>>> >>>> >>>> interfaces >>>> >>>> net ppp+ detect >>>> loc eth0 detect >>>> net eth1 detect >>>> >>>> masq >>>> >>>> ppp+ 192.168.3.0/255.255.255.0 >> <http://192.168.3.0/255.255.255.0> >>>> >>>> The XtenPRO fails to login. If the firewall is bypassed the >>>> XtenPro works fine. >>>> >>>> Have tried to port scan from outside my firewall using >>>> www.grc.com <http://www.grc.com> port scanner. All of the >> above ports are not open. >>>> >>>> >>>> Thanks Philip Immoos >>>> >>>> >>>> ------------------------------------------------------- >>>> This SF.net email is sponsored by: Splunk Inc. Do you grep >> through >>>> log files >>>> for problems? Stop! Download the new AJAX search engine >> that makes >>>> searching your log files as easy as surfing the web. DOWNLOAD >>>> SPLUNK! >>>> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click >> <http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click> >>>> _______________________________________________ >>>> Shorewall-users mailing list >>>> Shorewall-users@lists.sourceforge.net >> <mailto:Shorewall-users@lists.sourceforge.net> >>>> https://lists.sourceforge.net/lists/listinfo/shorewall-users >>> >>> >>> >>> ------------------------------------------------------- >>> This SF.net email is sponsored by: Splunk Inc. Do you grep >> through >>> log files >>> for problems? Stop! Download the new AJAX search engine >> that makes >>> searching your log files as easy as surfing the web. DOWNLOAD >>> SPLUNK! >>> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click >> <http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click> >>> _______________________________________________ >>> Shorewall-users mailing list >>> Shorewall-users@lists.sourceforge.net >> <mailto:Shorewall-users@lists.sourceforge.net> >>> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> >> >> >> ------------------------------------------------------- >> This SF.net email is sponsored by: Splunk Inc. Do you grep >> through log files >> for problems? Stop! Download the new AJAX search engine >> that makes >> searching your log files as easy as surfing >> the web. DOWNLOAD SPLUNK! >> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click >> <http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click> >> _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> <mailto:Shorewall-users@lists.sourceforge.net> >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> >> >> >> >> -- >> Gr. SteZZz >> >> >------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click