Hi, Ive got a linux firewall with Private/Public ip address on two nics.I need clients to connect via SIP from the private network to a public Asterisk PBX.Ive tried the the configs from the wiki and have not come right. Has anyone managed to get this working and if so please share the configs or point me in the right direction. Thanks MS -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20050419/4ae51e98/attachment.htm
Michael Sanders wrote:> > > Hi, > > Ive got a linux firewall with Private/Public ip address on two nics.I > need clients to connect via SIP from the private network to a public > Asterisk PBX.Ive tried the the configs from the wiki and have not come > right. > > Has anyone managed to get this working and if so please share the > configs or point me in the right direction. > > Thanks > > MSCan you get the simpler case working, with just a single client behind the firewall? Is your problem in getting multiple clients working, or getting one working via NAT, or getting one working through the firewall filtering, or SIP works but no audio, or what? Single or multiple public IPs? More info would have helped. If you're talking about multiple clients hidden behind a single public IP, you should be able to do that either by configuring each client on a different port (5060/5061/5062 etc) or with 'nat keepalive' (on some phones at least). If you have multiple public IPs available, then putting each SIP client on a different public IP solves the complications - then you just have to deal with the simple NAT case. (misidentification, without misrouting too) In this case, if you can get one phone working then you can get them all working, each with a different public IP but the same essential configuration. By 'public asterisk pbx' do you mean a public voip service, or an asterisk server you control which is on a public IP? Because if you control both ends, you can setup a VPN. If you specifically need help with the iptables setup, you're probably better off here: https://lists.netfilter.org/mailman/listinfo/netfilter netfilter-request@lists.netfilter.org?subject=subscribe (although I can try to answer iptables questions - boss calls me 'firewalldude' for a reason ;) j
i have not done such a thing. but may be a couple of questions may point you in the right direction. Does your firewall allow communication in this ports? (source and destiny shown): # External SIP phones Signaling (Imcoming and outgoing) ACCEPT all all tcp - 5060:5120 ACCEPT all all udp - 5060:5120 ACCEPT all all tcp 5060:5120 ACCEPT all all udp 5060:5120 # External SIP phones RTP stream ports (Incoming and outgoing) ACCEPT all all udp 5000:5060 ACCEPT all all udp - 5000:5060 On 4/19/05, Michael Sanders <Michael.Sanders@titanit.co.za> wrote:> > > Hi, > > Ive got a linux firewall with Private/Public ip address on two nics.I need > clients to connect via SIP from the private network to a public Asterisk > PBX.Ive tried the the configs from the wiki and have not come right. > > Has anyone managed to get this working and if so please share the configs or > point me in the right direction. > > Thanks > > MS > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > > http://lists.digium.com/mailman/listinfo/asterisk-users > >-- "Su nombre es GNU/Linux, no solamente Linux, mas info en http://www.gnu.org"
1. just make full NAT/MASQUERADE for your sip client 2. on remote * in sip.conf for that client nat=yes. after sip reload on * and that should be working in any case U could run tcpdump and see what's wrong there ... On Tue, 2005-04-19 at 15:40, Michael Sanders wrote:> Hi, > > Ive got a linux firewall with Private/Public ip address on two nics.I > need clients to connect via SIP from the private network to a public > Asterisk PBX.Ive tried the the configs from the wiki and have not come > right. > > Has anyone managed to get this working and if so please share the > configs or point me in the right direction. > > Thanks > > MS > > ______________________________________________________________________ > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users