Carlos,
Thank you for your fast response :) , this is the output of iptables -nL
on my linux box:
root@razametal:/home/guillermo # iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 192.168.0.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.0.0/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@razametal:/home/guillermo # iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.0.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
This is my very-small and simple firewall script:
root@razametal:/home/guillermo # cat /etc/init.d/firewall
# Cargar Modulos
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe ip_nat_irc
modprobe ip_conntrack_irc
# Habilitar el forward
echo 1 > /proc/sys/net/ipv4/ip_forward
# Flush
iptables -X
iptables -F
iptables -X -t nat
iptables -F -t nat
# Habilitar nat para 192.168.0.0/24
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
# Permitir el forward para 192.168.0.0/24
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
# EOF
On Sat, 2005-07-02 at 16:39 -0400, Carlos Alperin wrote:> Guillermo,
>
> This is an issue with your router. Do you have open the ports 5060 for SIP?
> Also, RTP needs to be open from 16384 to 32767.
>
> Saludos,
>
> Carlos Alperin
> Senior System Engineer
> Seneca Communications, LLC
> calperin@senecacom.net
>
>
> -----Original Message-----
> From: asterisk-users-bounces@lists.digium.com
> [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Guillermo
> Salas M
> Sent: Saturday, July 02, 2005 4:13 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: [Asterisk-Users] Sipura SPA2000 behind NAT
>
> Hi, I've one Sipura SPA2000 at home behind a linuxbox with two network
> adapters (eth0 for WAN and eth1 for LAN) doing NAT/DHCP:
>
>
> ___________ HOME _______________ ____OFFICE ____
> SPA2000 <---> Linux Box <--> Asterisk Box
> 192.168.0.253 192.168.0.1 eth1 200.93.xxx.a
> 200.93.xxx.b eth0
>
> My problem is when I try to call to any trunk or extention I can the
> audio when the destination is ringing, but I can hear the voice of the
> person when it reponds. The person in the other side can hear me, but I
> can not hear anything from him. I can not hear the voice prompts for the
> voicemail (*98) or the operator voice, but can leave voice messages to
> other SIP devices and they can hear my messages.
>
> This is my sip.conf
> [105]
> username=105
> type=friend
> secret=105
> qualify=no
> port=5060
> nat=yes
> mailbox=105@default
> host=dynamic
> dtmfmode=rfc2833
> context=from-internal
> canreinvite=no
> callerid="Guilllermo Salas HOME" <105>
>
> My ext on line 1 of the Sipura is 105, and is registred with the * box:
> -- Registered SIP '105' at 200.93.220.27 port 5060 expires 3600
>
> asterisk*CLI> sip show peer 105
> asterisk*CLI>
>
> * Name : 105
> Secret : <Set>
> MD5Secret : <Not set>
> Context : from-internal
> Language : es
> FromUser :
> FromDomain :
> Callgroup : (0)
> Pickupgroup : (0)
> Mailbox : 105@default
> LastMsgsSent : 2
> Dynamic : Yes
> Expire : 4
> Expiry : 900
> Insecure : No
> Nat : Always
> ACL : No
> CanReinvite : No
> PromiscRedir : No
> DTMFmode : rfc2833
> LastMsg : 0
> ToHost :
> Addr->IP : 200.93.xxx.xb Port 5060
> Defaddr->IP : 0.0.0.0 Port 5060
> Username : 105
> Codecs : 0xc011f (g723|gsm|ulaw|alaw|g726|g729|h261|h263)
> Codec Order : (g729|g723|gsm|g726|ulaw|alaw|h261|h263)
> Status : UNKNOWN
> Useragent :
> Full Contact : sip:105@192.168.0.253:5060
>
> And this is the output of sip debug peer 105 when I call to *98 (for
> voice messages):
>
> asterisk*CLI> sip debug peer 105
> SIP Debugging Enabled for IP: 200.93.xxx.xb:5060
>
> Sip read:
> NOTIFY sip:sip.mydomain.net SIP/2.0
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-67ea7370
> From: Guillermo Salas M
<sip:105@sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:sip.mydomain.net>
> Call-ID: a584ba93-53c0013c@192.168.0.253
> CSeq: 4 NOTIFY
> Max-Forwards: 70
> Event: keep-alive
> User-Agent: Sipura/SPA2000-2.0.2
> Content-Length: 0
>
>
> 10 headers, 0 lines
> Transmitting (no NAT):
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-67ea7370
> From: Guillermo Salas M
<sip:105@sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:sip.mydomain.net>;tag=as038653dd
> Call-ID: a584ba93-53c0013c@192.168.0.253
> CSeq: 4 NOTIFY
> User-Agent: Asterisk PBX
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
> Contact:
> Content-Length: 0
>
>
> to 200.93.xxx.xb:5060
> Destroying call 'a584ba93-53c0013c@192.168.0.253'
>
> asterisk*CLI>
>
> Sip read:
> NOTIFY sip:sip.mydomain.net SIP/2.0
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-d386a279
> From: Guillermo Salas M
<sip:105@sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:sip.mydomain.net>
> Call-ID: a584ba93-53c0013c@192.168.0.253
> CSeq: 6 NOTIFY
> Max-Forwards: 70
> Event: keep-alive
> User-Agent: Sipura/SPA2000-2.0.2
> Content-Length: 0
>
>
> 10 headers, 0 lines
> Transmitting (no NAT):
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-d386a279
> From: Guillermo Salas M
<sip:105@sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:sip.mydomain.net>;tag=as5099fa8f
> Call-ID: a584ba93-53c0013c@192.168.0.253
> CSeq: 6 NOTIFY
> User-Agent: Asterisk PBX
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
> Contact:
> Content-Length: 0
>
>
> to 200.93.xxx.xb:5060
> Destroying call 'a584ba93-53c0013c@192.168.0.253'
> asterisk*CLI>
>
>
> I dial *98 to get into the voice message system:
>
> asterisk*CLI>
>
> Sip read:
> ACK sip:*98@sip.mydomain.net SIP/2.0
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-600583f3
> From: Guillermo Salas M
<sip:105@sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:*98@sip.mydomain.net>;tag=as65eec750
> Call-ID: 636a9064-eba36dcb@192.168.0.253
> CSeq: 101 ACK
> Max-Forwards: 70
> Contact: Guillermo Salas M <sip:105@192.168.0.253>
> User-Agent: Sipura/SPA2000-2.0.2
> Content-Length: 0
>
>
> 10 headers, 0 lines
> asterisk*CLI>
>
> Sip read:
> INVITE sip:*98@sip.mydomain.net SIP/2.0
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-ec22067b
> From: Guillermo Salas M
<sip:105@sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:*98@sip.mydomain.net>
> Call-ID: 636a9064-eba36dcb@192.168.0.253
> CSeq: 102 INVITE
> Max-Forwards: 70
> Proxy-Authorization: Digest
>
username="105",realm="asterisk",nonce="47a68adb",uri="sip:*98@sip.mydomain.n
>
et",algorithm=MD5,response="8e60f592df094f9b852a59544b9da384"
> Contact: Guillermo Salas M <sip:105@192.168.0.253>
> Expires: 240
> User-Agent: Sipura/SPA2000-2.0.2
> Content-Length: 422
> Content-Type: application/sdp
>
> v=0
> o=- 12384 12384 IN IP4 192.168.0.253
> s=-
> c=IN IP4 192.168.0.253
> t=0 0
> m=audio 16468 RTP/AVP 4 0 2 8 18 96 97 98 100 101
> a=rtpmap:4 G723/8000
> a=rtpmap:0 PCMU/8000
> a=rtpmap:2 G726-32/8000
> a=rtpmap:8 PCMA/8000
> a=rtpmap:18 G729a/8000
> a=rtpmap:96 G726-40/8000
> a=rtpmap:97 G726-24/8000
> a=rtpmap:98 G726-16/8000
> a=rtpmap:100 NSE/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-15
> a=ptime:30
> a=sendrecv
>
> 13 headers, 19 lines
> Using latest request as basis request
> Sending to 192.168.0.253 : 5060 (NAT)
> Found user '105'
> Found RTP audio format 4
> Found RTP audio format 0
> Found RTP audio format 2
> Found RTP audio format 8
> Found RTP audio format 18
> Found RTP audio format 96
> Found RTP audio format 97
> Found RTP audio format 98
> Found RTP audio format 100
> Found RTP audio format 101
> Peer audio RTP is at port 192.168.0.253:16468
> Found description format G723
> Found description format PCMU
> Found description format G726-32
> Found description format PCMA
> Found description format G729a
> Found description format G726-40
> Found description format G726-24
> Found description format G726-16
> Found description format NSE
> Found description format telephone-event
> Capabilities: us - 0xc011f (g723|gsm|ulaw|alaw|g726|g729|h261|h263),
> peer - audio=0x51d (g723|ulaw|alaw|g726|g729|ilbc)/video=0x0 (nothing),
> combined - 0x11d (g723|ulaw|alaw|g726|g729)
> Non-codec capabilities: us - 0x1 (g723), peer - 0x1 (g723), combined -
> 0x1 (g723)
> Looking for *98 in from-internal
> list_route: hop: <sip:105@192.168.0.253>
> Transmitting (NAT):
> SIP/2.0 100 Trying
> Via: SIP/2.0/UDP
> 192.168.0.253;branch=z9hG4bK-ec22067b;received=200.93.xxx.xb;rport=5060
> From: Guillermo Salas M
<sip:105@sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:*98@sip.mydomain.net>;tag=as58095e00
> Call-ID: 636a9064-eba36dcb@192.168.0.253
> CSeq: 102 INVITE
> User-Agent: Asterisk PBX
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
> Contact: <sip:*98@200.93.xxx.xa>
> Content-Length: 0
>
>
> to 200.93.xxx.xb:5060
> -- Executing Answer("SIP/105-6408", "") in new
stack
> We're at 200.93.xxx.xa port 12436
> Video is at 200.93.xxx.xa port 16274
> Answering with preferred capability 0x100 (g729)
> Answering with preferred capability 0x1 (g723)
> Answering with preferred capability 0x2 (gsm)
> Answering with preferred capability 0x10 (g726)
> Answering with preferred capability 0x4 (ulaw)
> Answering with preferred capability 0x8 (alaw)
> Answering with preferred capability 0x40000 (h261)
> Answering with preferred capability 0x80000 (h263)
> Answering with non-codec capability 0x1 (telephone-event)
> Reliably Transmitting (NAT):
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP
> 192.168.0.253;branch=z9hG4bK-ec22067b;received=200.93.xxx.xb;rport=5060
> From: Guillermo Salas M
<sip:105@sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:*98@sip.mydomain.net>;tag=as58095e00
> Call-ID: 636a9064-eba36dcb@192.168.0.253
> CSeq: 102 INVITE
> User-Agent: Asterisk PBX
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
> Contact: <sip:*98@200.93.xxx.xa>
> Content-Type: application/sdp
> Content-Length: 340
>
> v=0
> =root 7393 7393 IN IP4 200.93.xxx.xa
> s=session
> c=IN IP4 200.93.xxx.xa
> t=0 0
> m=audio 12436 RTP/AVP 18 4 3 2 0 8 101
> a=rtpmap:18 G729/8000
> a=rtpmap:4 G723/8000
> a=rtpmap:3 GSM/8000
> a=rtpmap:2 G726-32/8000
> a=rtpmap:0 PCMU/8000
> a=rtpmap:8 PCMA/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-16
> a=silenceSupp:off - - - -
>
> to 200.93.xxx.xb:5060
> -- Executing Wait("SIP/105-6408", "1") in new stack
> asterisk*CLI>
>
> Sip read:
> ACK sip:*98@200.93.xxx.xa SIP/2.0
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-ec22067b
> From: Guillermo Salas M
<sip:105@sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:*98@sip.mydomain.net>;tag=as58095e00
> Call-ID: 636a9064-eba36dcb@192.168.0.253
> CSeq: 102 ACK
> Max-Forwards: 70
> Proxy-Authorization: Digest
>
username="105",realm="asterisk",nonce="47a68adb",uri="sip:*98@sip.mydomain.n
>
et",algorithm=MD5,response="74dd50faa2bb97fdb1a0fe6ce93489de"
> Contact: Guillermo Salas M <sip:105@192.168.0.253>
> User-Agent: Sipura/SPA2000-2.0.2
> Content-Length: 0
>
>
> 11 headers, 0 lines
> -- Executing VoiceMailMain("SIP/105-6408",
"default") in new stack
> -- Playing 'vm-login' (language 'es')
> asterisk*CLI>
>
> Sip read:
> NOTIFY sip:sip.mydomain.net SIP/2.0
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-8ecd1b3e
> From: Guillermo Salas M
<sip:105@sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:sip.mydomain.net>
> Call-ID: a584ba93-53c0013c@192.168.0.253
> CSeq: 9 NOTIFY
> Max-Forwards: 70
> Event: keep-alive
> User-Agent: Sipura/SPA2000-2.0.2
> Content-Length: 0
>
> 10 headers, 0 lines
> Transmitting (no NAT):
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-8ecd1b3e
> From: Guillermo Salas M
<sip:105@sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:sip.mydomain.net>;tag=as45caf3ff
> Call-ID: a584ba93-53c0013c@192.168.0.253
> CSeq: 9 NOTIFY
> User-Agent: Asterisk PBX
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
> Contact:
> Content-Length: 0
>
>
> to 200.93.xxx.xb:5060
> Destroying call 'a584ba93-53c0013c@192.168.0.253'
> -- No username but # key pressed. Using CID '105'
> -- Playing 'vm-password' (language 'es')
> -- Incorrect password '' for user '105' (context =
<any>)
> -- Playing 'vm-incorrect-mailbox' (language 'es')
> asterisk*CLI>
>
> Any hint will be very appreciated,
>
>
> Regards,
>
>
> Guill3rm0
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users@lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users