current setup

SIP phone 192.168.1.30 --> linksys wrt54g sveasoft -- INTERNET --
(xl0) Firewall (xl2:172.16.0.50)--> (em1:172.16.0.101) Asterisk

problem is RTP stream not going through from * to sip and vice versa.

#1 and asterisk is pushing 192.168.1.30 back to linksys with 172 as
return address....
or
#2 asterisk trying to get back to me as 192.168 on public internet..

got
canreinvite=yes and no.
nat=yes
qualify=1000

externaladdr=IP of (em1)
localnet=172.16.0.0/12

i would need help from someone who did a similar setup..

i do run carp and pfsync also on the FW. mirrored to FW2 down ATM...

any help appreciated.. banging head on the wall for 2 weeks now..

I took the info from here:
http://www.voip-info.org/tiki-index.php?page=Asterisk%20firewall%20rules

and ended up with the following in my pf.conf:

rdr on $ext_if proto tcp from any to ($ext_if) port 5060 -> $dmz_ip port 5060
rdr on $ext_if proto udp from any to ($ext_if) port 5060 -> $dmz_ip port 5060
rdr on $ext_if proto udp from any to ($ext_if) port 4569 -> $dmz_ip port 4569
rdr on $ext_if proto udp from any to ($ext_if) port 5036 -> $dmz_ip port 5036
rdr on $ext_if proto udp from any to ($ext_if) port 9999:20001 -> $dmz_ip port 9999:20001
rdr on $ext_if proto udp from any to ($ext_if) port 2727 -> $dmz_ip port 2727

I also have the following lines in there:

pass out on $ext_if all keep state

# pass incoming dmz traffic
pass in on $ext_if proto tcp from any to $dmz_ip keep state
pass in on $ext_if proto udp from any to $dmz_ip keep state

HTH

Hatton

On 20:00, Mon 13 Jun 05, Frank Cases wrote:
> current setup
>
> SIP phone 192.168.1.30 --> linksys wrt54g sveasoft -- INTERNET --
> (xl0) Firewall (xl2:172.16.0.50)--> (em1:172.16.0.101) Asterisk
>
> problem is RTP stream not going through from * to sip and vice versa.
>
> #1 and asterisk is pushing 192.168.1.30 back to linksys with 172 as
> return address....
> or
> #2 asterisk trying to get back to me as 192.168 on public internet..
>
> got
> canreinvite=yes and no.
> nat=yes
> qualify=1000
>
> externaladdr=IP of (em1)
> localnet=172.16.0.0/12

Try to set the externaladdr to the IP of xl0.
That did the trick for me here.

--
Michiel van Baak
http://michiel.vanbaak.info
michiel@vanbaak.info
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7E0B9A2D

"Two of the most famous products of Berkeley are LSD and BSD. I don't think that this is a coincidence."

On Tuesday 14 June 2005 02:04, Michiel van Baak wrote:
> On 20:00, Mon 13 Jun 05, Frank Cases wrote:
> > current setup
> >
> > SIP phone 192.168.1.30 --> linksys wrt54g sveasoft -- INTERNET --
> > (xl0) Firewall (xl2:172.16.0.50)--> (em1:172.16.0.101) Asterisk
> >
> > problem is RTP stream not going through from * to sip and vice versa.
> >
> > #1 and asterisk is pushing 192.168.1.30 back to linksys with 172 as
> > return address....
> > or
> > #2 asterisk trying to get back to me as 192.168 on public internet..
> >
> > got
> > canreinvite=yes and no.
> > nat=yes
> > qualify=1000
> >
> > externaladdr=IP of (em1)
> > localnet=172.16.0.0/12
>
> Try to set the externaladdr to the IP of xl0.
> That did the trick for me here.

Well, you better make it for what your interface is. Type ifconfig -a to see
what type of NICs you have.

--
Steve Szmidt

"They that would give up essential liberty for temporary safety deserve neither liberty nor safety."
Benjamin Franklin
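
An added example, not part of the thread: a simplified Python model of the address choice that the externaladdr, localnet and nat settings discussed above control, flagging the case where a private address is handed to a peer across the internet. The function names and the 203.0.113.10 / 198.51.100.7 addresses are constructed placeholders; the model assumes peers inside localnet get the host's own address, everyone else gets the external address, and nat=yes makes the PBX reply to the packet's source address.

```python
import ipaddress

# RFC 1918 ranges: never reachable across the public internet.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

# Constructed sample values (documentation ranges), not from the thread.
XL0_PUBLIC = "203.0.113.10"    # placeholder for the firewall's xl0 address
LINKSYS_WAN = "198.51.100.7"   # placeholder for the phone's NAT router
EM1 = "172.16.0.101"           # Asterisk host address, from the thread
PHONE = "192.168.1.30"         # SIP phone address, from the thread
LOCALNET = ["172.16.0.0/12"]   # localnet value, from the thread


def in_any(addr, cidrs):
    """True if addr falls inside any of the given CIDR strings."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def advertised_address(peer_src, local_ip, external_addr, localnets):
    """Address the PBX writes into SDP for this peer (assumed model)."""
    return local_ip if in_any(peer_src, localnets) else external_addr


def rtp_target(sdp_addr, packet_src, nat):
    """Where the PBX sends media: packet source if nat is on, else SDP."""
    return packet_src if nat else sdp_addr


def audit(peer_src, peer_sdp, local_ip, external_addr, localnets, nat):
    """Return a list of findings for one remote peer."""
    findings = []
    ours = advertised_address(peer_src, local_ip, external_addr, localnets)
    if not in_any(peer_src, localnets) and in_any(ours, RFC1918):
        findings.append(f"PBX advertises private {ours} to {peer_src}")
    theirs = rtp_target(peer_sdp, peer_src, nat)
    if in_any(theirs, RFC1918) and not in_any(theirs, localnets):
        findings.append(f"PBX sends RTP to unroutable {theirs}")
    return findings


if __name__ == "__main__":
    # Setup as posted: external address set to em1's private IP.
    print(audit(LINKSYS_WAN, PHONE, EM1, EM1, LOCALNET, nat=True))
    # Setup as suggested in the reply: external address set to xl0's IP.
    print(audit(LINKSYS_WAN, PHONE, EM1, XL0_PUBLIC, LOCALNET, nat=True))
```
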