Andreas Schiffler
2004-Mar-08 13:33 UTC
[Asterisk-Users] Shorewall and asterisk on Mandrake
Hi,

I am struggling getting asterisk to work on my firewall box.

The Linux box is a firewall running Mandrake 9.2 and shorewall for security and NAT. Asterisk is compiled and running on the firewall box with a modified sample configuration. I am connecting to it using a Sipura on the local LAN. This works fine and I can phone between extensions (2201 and 2202) and access the voicemail menu via extension '8'.

Now, I cannot get asterisk to register the two SIP providers I want to use: FWD and ICH. The log reports that it did not register - consequently I can't dial '6-612' to get the FWD date-speech.

I've configured everything according to the manual and several example config files as referenced on voxilla. The error message I get is a timeout on sip-registration and some rtp timeouts. I assume it's a shorewall issue.

How do I need to configure Shorewall? (I have the following shorewall domains: net, masq, fw, loc used in the rules.conf) Does someone have a sample shorewall config?

How can I easily tell that asterisk registered properly with the SIP provider?

Could someone post some current working sample configs for FWD and ICH which indicate the use of the various fields better than the existing samples:
* For FWD I have 123456 (the number), AUTO_123456 (the user ID), password.
* For ICH I have 1234567890 (the number without 1), 11234567890 (the number with 1), 98765432 (the user id), password.

Thanks for any info.
Patrick Lidstone (Personal E-mail)
2004-Mar-08 14:56 UTC
[Asterisk-Users] RE: Shorewall and asterisk on Mandrake
> I am struggling getting asterisk to work on my firewall box.
>
> The Linux box is a firewall running Mandrake 9.2 and
> shorewall for security and NAT. Asterisk is compiled and
> running on the firewall box with a modified sample
> configuration. I am connecting to it using a Sipura on the
> local LAN. This works fine and I can phone between extensions
> (2201 and 2202) and access the voicemail menu via extension '8'.
>
> Now, I cannot get asterisk to register the two SIP providers I want to
> use: FWD and ICH. The log reports that it did not register -
> consequently I can't dial '6-612' to get the FWD date-speech.
>
> I've configured everything according to the manual and
> several example config files as referenced on voxilla. The
> error message I get is a timeout on sip-registration and some
> rtp timeouts. I assume it's a shorewall issue.
>
> How do I need to configure Shorewall? (I have the following shorewall
> domains: net, masq, fw, loc used in the rules.conf) Does
> someone have a sample shorewall config?
>
> How can I easily tell that asterisk registered properly with
> the SIP provider?
>
> Could someone post some current working sample configs for
> FWD and ICH which indicate the use of the various fields
> better than the existing samples:
> * For FWD I have 123456 (the number), AUTO_123456 (the user
> ID), password.
> * For ICH I have 1234567890 (the number without 1),
> 11234567890 (the number with 1), 98765432 (the user id), password.

"Voxilla" doesn't mean anything to me, but I went through a similar learning curve a while back. The key to successful registrations behind nat (for me) are the following entries in sip.conf.
My asterisk box sits on a natted network 192.168.0.x with address 192.168.0.5

;
; SIP Configuration for Asterisk
;
[general]
port=5060 ; rtp port to bind to
localnet=192.168.0.0 ; address space for local (natted) network
localmask=255.255.255.0 ; netmask for local (natted) network
externip=a.b.c.d ; a.b.c.d is public ip address of your router
outside_addr=a.b.c.d ; as above
bindaddr=192.168.0.5 ; where 192.168.0.5 is the IP address of your * box behind NAT
nat=yes

With these config changes, and asterisk restarted, you should be able to register ok (as reflected by "sip show registry" from command line). This is the crucial first step.

In addition, for a bi-directional voice path you will typically require port forwarding of UDP traffic in the media port range specified in rtp.conf to the natted ip address of your asterisk box (192.168.0.5 in this example).

A typical rtp.conf file might look like this:

[general]
rtpstart=50600
rtpend=50609

You should also configure your firewall to pass UDP traffic bi-directionally on port 5060.

It is worth persevering - asterisk does work behind a natted firewall with the likes of FWD just fine.

HTH

Patrick
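Added example, not part of either post: a small audit that compares the UDP ports a Shorewall rules file passes from the net zone with what the reply above says is needed (UDP 5060 plus the rtp.conf range), reporting ports that are missing and ports opened beyond that. It goes slightly beyond the thread by handling both layouts, DNAT to a natted box and ACCEPT to the fw zone; the rule lines are constructed samples and the column layout (ACTION SOURCE DEST PROTO DEST-PORT(S)) is an assumption about the rules file.

```python
import configparser

# Constructed sample inputs, not taken from either poster's system.
RTP_CONF = "[general]\nrtpstart=50600\nrtpend=50609\n"
# Assumed rules-file columns: ACTION SOURCE DEST PROTO DEST-PORT(S)
RULES = """\
DNAT    net  loc:192.168.0.5  udp  5060
DNAT    net  loc:192.168.0.5  udp  50600:50605   # too narrow on purpose
ACCEPT  net  fw               tcp  22
"""

def rtp_range(text):
    """Return (rtpstart, rtpend) from rtp.conf text, allowing ';' comments."""
    cp = configparser.ConfigParser(inline_comment_prefixes=(";",))
    cp.read_string(text)
    general = cp["general"]
    return int(general["rtpstart"]), int(general["rtpend"])

def udp_ports_opened(rules, dest):
    """UDP ports that ACCEPT/DNAT rules pass from zone 'net' to dest."""
    opened = set()
    for line in rules.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in ("ACCEPT", "DNAT"):
            continue
        if fields[1:4] != ["net", dest, "udp"]:
            continue
        for part in fields[4].split(","):      # e.g. 5060,50600:50609
            lo, _, hi = part.partition(":")
            opened.update(range(int(lo), int(hi or lo) + 1))
    return opened

def audit(rules, rtp_conf, dest, sip_port=5060):
    """Return (missing, extra) UDP ports relative to SIP + RTP needs."""
    lo, hi = rtp_range(rtp_conf)
    needed = set(range(lo, hi + 1)) | {sip_port}
    opened = udp_ports_opened(rules, dest)
    return sorted(needed - opened), sorted(opened - needed)

if __name__ == "__main__":
    missing, extra = audit(RULES, RTP_CONF, "loc:192.168.0.5")
    print("not passed but needed:", missing)
    print("passed but not needed:", extra)
```

Use "fw" as dest when Asterisk runs on the firewall box itself, as in the original question.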