G'Day All; Greetings and best wishes. I need some help as follows: My Grandstream 100 is at a remote location on broadband and connects to my * server else where.>From a POST line I dial the 3 to the * server and selects the ext # ofthe remote GS100 IP phone. The GS100 rings. When answered I can clearly hear everything coming from the phone that's calling in. The caller cannot hear anything coming from the GS100 IP phone. If I make a call out from the GS100 to a POTS #, the POTS number rings. Upon answering, the GS100 can also hear everything from the POTS phone but the POTS phone is not hearing anything from the GS100. I believe the phone is setup right. The * server is behind a firewall and I have opened ports 10000-10100 5060 5004 4569 So it seems that my something is not allowing signal from the GS100 IP phone out but is allowing signal in. Any thoughts one where/what I should be modifying? Thanks much.
> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Ferguson, Michael > Sent: 19 October 2004 16:18 > To: asterisk-users@lists.digium.com > Subject: [Asterisk-Users] Almost there--Remote connection >[snip]> > The * server is behind a firewall and I have opened ports > 10000-10100 5060 > 5004 > 4569 >IIRC, SIP uses 10000-20000 by default. Have you changed this to 10000-10100? Cheers, Karl ________________________________________________________________________ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________
The 10000-10100 was given to me by a prior post so I really do not know. I will change the forewall to allow 10000-20000 and see if it works. -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 11:22 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Ferguson, Michael > Sent: 19 October 2004 16:18 > To: asterisk-users@lists.digium.com > Subject: [Asterisk-Users] Almost there--Remote connection >[snip]> > The * server is behind a firewall and I have opened ports > 10000-10100 5060 > 5004 > 4569 >IIRC, SIP uses 10000-20000 by default. Have you changed this to 10000-10100? Cheers, Karl ________________________________________________________________________ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Thanks. I think that's Iptables. No? I have a hardware firewall. -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Deon Rodden Sent: Tuesday, October 19, 2004 11:35 AM To: 'Asterisk Users Mailing List - Non-Commercial Discussion' Subject: RE: [Asterisk-Users] Almost there--Remote connection My firewall script has something to the effect of: # Allow Existing traffic through -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Incoming VOIP Ports -A INPUT -m state --state NEW -m tcp -p tcp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 2727:2727 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 4569:4569 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 10000:20000 -j ACCEPT That's for IAX2 and SIP. -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 11:22 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Ferguson, Michael > Sent: 19 October 2004 16:18 > To: asterisk-users@lists.digium.com > Subject: [Asterisk-Users] Almost there--Remote connection >[snip]> > The * server is behind a firewall and I have opened ports > 10000-10100 5060 > 5004 > 4569 >IIRC, SIP uses 10000-20000 by default. Have you changed this to 10000-10100? Cheers, Karl ________________________________________________________________________ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Ferguson, Michael > Sent: 19 October 2004 16:49 > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: RE: [Asterisk-Users] Almost there--Remote connection > > Thanks. I think that's Iptables. No? > I have a hardware firewall.First, have a peek in rtp.conf and see what it says its using. For example, my (modified) version looks like: ; ; RTP Configuration ; [general] ; ; RTP start and RTP end configure start and end addresses ; rtpstart=15000 rtpend=17000> > -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Deon Rodden > Sent: Tuesday, October 19, 2004 11:35 AM > To: 'Asterisk Users Mailing List - Non-Commercial Discussion' > Subject: RE: [Asterisk-Users] Almost there--Remote connection > > > My firewall script has something to the effect of: > > # Allow Existing traffic through > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > # Incoming VOIP Ports > -A INPUT -m state --state NEW -m tcp -p tcp --dport 5036:5045 > -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport > 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p > udp --dport 2727:2727 -j ACCEPT -A INPUT -m state --state NEW > -m udp -p udp --dport 4569:4569 -j ACCEPT -A INPUT -m state > --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT -A > INPUT -m state --state NEW -m udp -p udp --dport 10000:20000 -j ACCEPT > > That's for IAX2 and SIP. > > -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Karl Dyson > Sent: Tuesday, October 19, 2004 11:22 AM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: RE: [Asterisk-Users] Almost there--Remote connection > > > -----Original Message----- > > From: asterisk-users-bounces@lists.digium.com > > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > > Ferguson, Michael > > Sent: 19 October 2004 16:18 > > To: asterisk-users@lists.digium.com > > Subject: [Asterisk-Users] Almost there--Remote connection > > > > [snip] > > > > > The * server is behind a firewall and I have opened ports > 10000-10100 > > 5060 > > 5004 > > 4569 > > > > IIRC, SIP uses 10000-20000 by default. Have you changed this > to 10000-10100? > > Cheers, > > Karl > > ______________________________________________________________ > __________ > This e-mail has been scanned for all viruses by Star. The > service is powered by MessageLabs. For more information on a > proactive anti-virus service working around the clock, around > the globe, visit: > http://www.star.net.uk > ______________________________________________________________ > __________ > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > > > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > ______________________________________________________________ > __________ > This e-mail has been scanned for all viruses by Star. The > service is powered by MessageLabs. For more information on a > proactive anti-virus service working around the clock, around > the globe, visit: > http://www.star.net.uk > ______________________________________________________________ > __________ >________________________________________________________________________ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________
I made the firewall changes but still the same result. On the GS100 phone, what us STUN server? Why is it important? If it say No in the config, I hear nothing. If it says and has GS's STUN IP the connection is one way as noted prior. Might this be the culprit? Thanks... I am almost there....!! -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Deon Rodden Sent: Tuesday, October 19, 2004 11:35 AM To: 'Asterisk Users Mailing List - Non-Commercial Discussion' Subject: RE: [Asterisk-Users] Almost there--Remote connection My firewall script has something to the effect of: # Allow Existing traffic through -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Incoming VOIP Ports -A INPUT -m state --state NEW -m tcp -p tcp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 2727:2727 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 4569:4569 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 10000:20000 -j ACCEPT That's for IAX2 and SIP. -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 11:22 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Ferguson, Michael > Sent: 19 October 2004 16:18 > To: asterisk-users@lists.digium.com > Subject: [Asterisk-Users] Almost there--Remote connection >[snip]> > The * server is behind a firewall and I have opened ports > 10000-10100 5060 > 5004 > 4569 >IIRC, SIP uses 10000-20000 by default. Have you changed this to 10000-10100? Cheers, Karl ________________________________________________________________________ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Thanks. Mine says rtpstart=10000 rtpend=20000 -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 12:13 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Ferguson, Michael > Sent: 19 October 2004 16:49 > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: RE: [Asterisk-Users] Almost there--Remote connection > > Thanks. I think that's Iptables. No? > I have a hardware firewall.First, have a peek in rtp.conf and see what it says its using. For example, my (modified) version looks like: ; ; RTP Configuration ; [general] ; ; RTP start and RTP end configure start and end addresses ; rtpstart=15000 rtpend=17000> > -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Deon Rodden > Sent: Tuesday, October 19, 2004 11:35 AM > To: 'Asterisk Users Mailing List - Non-Commercial Discussion' > Subject: RE: [Asterisk-Users] Almost there--Remote connection > > > My firewall script has something to the effect of: > > # Allow Existing traffic through > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > # Incoming VOIP Ports > -A INPUT -m state --state NEW -m tcp -p tcp --dport 5036:5045 > -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport > 5036:5045 -j ACCEPT -A INPUT -m state --state NEW -m udp -p > udp --dport 2727:2727 -j ACCEPT -A INPUT -m state --state NEW > -m udp -p udp --dport 4569:4569 -j ACCEPT -A INPUT -m state > --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT -A > INPUT -m state --state NEW -m udp -p udp --dport 10000:20000 -j ACCEPT > > That's for IAX2 and SIP. > > -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Karl Dyson > Sent: Tuesday, October 19, 2004 11:22 AM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: RE: [Asterisk-Users] Almost there--Remote connection > > > -----Original Message----- > > From: asterisk-users-bounces@lists.digium.com > > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > > Ferguson, Michael > > Sent: 19 October 2004 16:18 > > To: asterisk-users@lists.digium.com > > Subject: [Asterisk-Users] Almost there--Remote connection > > > > [snip] > > > > > The * server is behind a firewall and I have opened ports > 10000-10100 > > 5060 > > 5004 > > 4569 > > > > IIRC, SIP uses 10000-20000 by default. Have you changed this > to 10000-10100? > > Cheers, > > Karl > > ______________________________________________________________ > __________ > This e-mail has been scanned for all viruses by Star. The > service is powered by MessageLabs. For more information on a > proactive anti-virus service working around the clock, around > the globe, visit: > http://www.star.net.uk > ______________________________________________________________ > __________ > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > > > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > ______________________________________________________________ > __________ > This e-mail has been scanned for all viruses by Star. The > service is powered by MessageLabs. For more information on a > proactive anti-virus service working around the clock, around > the globe, visit: > http://www.star.net.uk > ______________________________________________________________ > __________ >________________________________________________________________________ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
I just realised that I neglected to mention that the remote GS100 phone is sitting behind a firewall also. Do I need to open any outgoing ports on that firewall? Considering that one cannot hear anything from the GS100 IP phone? Thanks -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Ferguson, Michael Sent: Tuesday, October 19, 2004 12:32 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection Thanks. Mine says rtpstart=10000 rtpend=20000 -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 12:13 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Ferguson, Michael > Sent: 19 October 2004 16:49 > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: RE: [Asterisk-Users] Almost there--Remote connection > > Thanks. I think that's Iptables. No? > I have a hardware firewall.First, have a peek in rtp.conf and see what it says its using. For example, my (modified) version looks like: ; ; RTP Configuration ; [general] ; ; RTP start and RTP end configure start and end addresses ; rtpstart=15000 rtpend=17000> > -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Deon > Rodden > Sent: Tuesday, October 19, 2004 11:35 AM > To: 'Asterisk Users Mailing List - Non-Commercial Discussion' > Subject: RE: [Asterisk-Users] Almost there--Remote connection > > > My firewall script has something to the effect of: > > # Allow Existing traffic through > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > # Incoming VOIP Ports > -A INPUT -m state --state NEW -m tcp -p tcp --dport 5036:5045 -j > ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport 5036:5045 > -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp --dport > 2727:2727 -j ACCEPT -A INPUT -m state --state NEW -m udp -p udp > --dport 4569:4569 -j ACCEPT -A INPUT -m state --state NEW -m udp -p > udp --dport 5060:5061 -j ACCEPT -A INPUT -m state --state NEW -m udp > -p udp --dport 10000:20000 -j ACCEPT > > That's for IAX2 and SIP. > > -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Karl > Dyson > Sent: Tuesday, October 19, 2004 11:22 AM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: RE: [Asterisk-Users] Almost there--Remote connection > > > -----Original Message----- > > From: asterisk-users-bounces@lists.digium.com > > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > > Ferguson, Michael > > Sent: 19 October 2004 16:18 > > To: asterisk-users@lists.digium.com > > Subject: [Asterisk-Users] Almost there--Remote connection > > > > [snip] > > > > > The * server is behind a firewall and I have opened ports > 10000-10100 > > 5060 > > 5004 > > 4569 > > > > IIRC, SIP uses 10000-20000 by default. Have you changed this to > 10000-10100? > > Cheers, > > Karl > > ______________________________________________________________ > __________ > This e-mail has been scanned for all viruses by Star. The service is > powered by MessageLabs. For more information on a proactive anti-virus> service working around the clock, around the globe, visit: > http://www.star.net.uk > ______________________________________________________________ > __________ > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > > > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > ______________________________________________________________ > __________ > This e-mail has been scanned for all viruses by Star. The service is > powered by MessageLabs. For more information on a proactive anti-virus> service working around the clock, around the globe, visit: > http://www.star.net.uk > ______________________________________________________________ > __________ >________________________________________________________________________ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Ferguson, Michael > Sent: 19 October 2004 18:30 > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: RE: [Asterisk-Users] Almost there--Remote connection > > I just realised that I neglected to mention that the remote > GS100 phone is sitting behind a firewall also. > Do I need to open any outgoing ports on that firewall? > Considering that one cannot hear anything from the GS100 IP phone? >Yes, both phones will need to have ports 10000-20000 open (having seen your rtp.conf) if they are going o register with your * server.> > Mine says > rtpstart=10000 > rtpend=20000 >________________________________________________________________________ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________
Benjamin on Asterisk Mailing Lists
2004-Oct-19 10:51 UTC
[Asterisk-Users] Almost there--Remote connection
On Tue, 19 Oct 2004 11:18:17 -0400, Ferguson, Michael <ferguson@brvmlaw.com> wrote:> > My Grandstream 100 is at a remote location on broadband and connects to > my * server else where.and:> The * server is behind a firewalland:> The GS100 rings. When answered I can clearly hear everything coming from > the phone that's calling in. > The caller cannot hear anything coming from the GS100 IP phone.Of course not. Running a SIP server behind a Firewall does not exactly make things straightforward. Is your server is only behind a firewall or is it also behind a NAT? If it is behind NAT you should know that that SIP/NAT traversal workarounds are for clients behind NAT connecting to servers on public IPs, not for clients on public IPs connecting to servers behind NAT. rgds benjk -- Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Tokyo, Japan. NB: Spam filters in place. Messages unrelated to the * mailing lists may get trashed.
Thanks. The server is NAT'd. So, Am I to conclude that it is not going to work and I should abandon it? -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Benjamin on Asterisk Mailing Lists Sent: Tuesday, October 19, 2004 1:51 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Almost there--Remote connection On Tue, 19 Oct 2004 11:18:17 -0400, Ferguson, Michael <ferguson@brvmlaw.com> wrote:> > My Grandstream 100 is at a remote location on broadband and connects > to my * server else where.and:> The * server is behind a firewalland:> The GS100 rings. When answered I can clearly hear everything coming > from the phone that's calling in. The caller cannot hear anything > coming from the GS100 IP phone.Of course not. Running a SIP server behind a Firewall does not exactly make things straightforward. Is your server is only behind a firewall or is it also behind a NAT? If it is behind NAT you should know that that SIP/NAT traversal workarounds are for clients behind NAT connecting to servers on public IPs, not for clients on public IPs connecting to servers behind NAT. rgds benjk -- Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Tokyo, Japan. NB: Spam filters in place. Messages unrelated to the * mailing lists may get trashed. _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Thanks. I opened 10000-20000 also on the remote firewall, but still no success. Quite frustrating. -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Karl Dyson Sent: Tuesday, October 19, 2004 1:45 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Ferguson, Michael > Sent: 19 October 2004 18:30 > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: RE: [Asterisk-Users] Almost there--Remote connection > > I just realised that I neglected to mention that the remote > GS100 phone is sitting behind a firewall also. > Do I need to open any outgoing ports on that firewall? > Considering that one cannot hear anything from the GS100 IP phone? >Yes, both phones will need to have ports 10000-20000 open (having seen your rtp.conf) if they are going o register with your * server.> > Mine says > rtpstart=10000 > rtpend=20000 >________________________________________________________________________ This e-mail has been scanned for all viruses by Star. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Ryan, Thanks. That looks hopeful. -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Ryan Courtnage Sent: Tuesday, October 19, 2004 2:25 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Almost there--Remote connection On Tue, 2004-19-10 at 14:07 -0400, Ferguson, Michael wrote:> Thanks. The server is NAT'd. > So, Am I to conclude that it is not going to work and I should abandon> it?I've been down this road. Follow this thread: http://thread.gmane.org/gmane.comp.telephony.pbx.asterisk.user/45339 Ryan Courtnage _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Benjamin, Thanks for your feedback. -----Original Message----- From: Benjamin on Asterisk Mailing Lists [mailto:benjk.on.asterisk.ml@gmail.com] Sent: Tuesday, October 19, 2004 2:53 PM To: Ferguson, Michael Cc: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Almost there--Remote connection On Tue, 19 Oct 2004 14:07:46 -0400, Ferguson, Michael <ferguson@brvmlaw.com> wrote:> Thanks. The server is NAT'd. > So, Am I to conclude that it is not going to work and I should abandon> it?Port forwarding alone won't work because SIP is really SIP+2xRTP which means there are three data streams that from a TCP/IP point of view are three different and unrelated connections: one SIP (signalling) and two RTP (audio) streams. Only the content of the SIP messages makes them logically belong together, but TCP/IP is meant to only care about the envelope, not what's inside the packets. So, your first challenge is to get your NAT router to not throw away the incoming audio. It does so because it doesn't know nor care about the content of the SIP messages which say that the two RTP audio streams belong together and are to be passed on to your Asterisk server. Your second challenge is to get your Asterisk server to match everything up. Because of the NAT, the picture the SIP messages describe doesn't match the picture your server actually sees, and since computer software is pretty bad at guessing, it will simply ignore the bits that it cannot make sense of. My advice would be this: If you are curious and feel that a challenge is always worth taking even if only for the learning experience, then you may want to play with this a little. You may or may not get it to work, I tend to think you won't, but trying to make it work will give you insights in how SIP and NAT work, and in particular how they are not really meant to work together. This is an insight worth struggling for and it will help you later to get other things working or be able to make a good assessment of whether something is just a waste of time. As you might have guessed, I am one of those rebellious minds who didn't take the advice from others that SIP and NAT was a waste of time, I had to find out by myself and I didn't find the holy grail with the magic oil that makes SIP/NAT traversal work, but I am grateful for what I learned in the process of trying. However, if you are a more rational and want to get the job done with a minimal amount of time and effort, regardless of all the fun you might miss out on ;-) then you may want to look at alternatives that are more promising. In the former case, you will want to put your server into the DMZ and then use SIP debug on your Asterisk console to see what the SIP messages say and compare that to a successful SIP connection from within the NAT. Then you want to play with certain parameters at your disposal in /etc/asterisk/sip.conf, such as externip, fromdomain, fromuser etc etc trying to "repair" the incoming SIP messages so that they make as much sense to your server as the ones of the successful connection from within the NAT. This is a little more challenging than if you had the opposite situation (phone behind NAT, server on a public IP) because you cannot tweak those parameters on your Grandstream phone which is where the "broken" SIP messages are going to come from and where naturally the best place would be to tweak things. You can already see where the learning is going to come from ;-) In the latter case, if you just want to get the job done fast, then your alternatives are this: 1) put your Asterisk server on a public IP 2) connect your Asterisk server and your Grandstream phone to FWD [Asterisk]---SIP---[NAT router]---SIP---[FWD]---SIP---[Grandstream] this way, your server becomes a client of FWD, where the FWD is a server with a public IP. Then all you have to solve is how to connect your Asterisk client behind NAT to a SIP server outside of the NAT. That's a lot less of a challenge. If you still have problems with SIP/NAT traversal, you could always use IAX to connect to FWD and that's a walk in the park. 3) build a tunnel between the Asterisk server and the Grandstream phone If your hardware firewall supports a tunneling protocol, ie GRE, IPsec or PPTP, then you could get some device that supports the same protocol at the place where your Grandstream phone is and build a tunnel through which SIP and RTP will travel smoothly without seeing the NAT. hope this helps rgds benjk -- Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Tokyo, Japan. NB: Spam filters in place. Messages unrelated to the * mailing lists may get trashed.