Hi,
I've installed Asterisk 1.2.13, and it works ok, but I have some
voip clients behind a squid proxy server, and this clients can't connect
to the Asterisk server. I added the access lists which permit the
voip ports through the proxy, but the clients can't connect. This access
lists in squid.conf are:
acl safe_ports port 5060
acl safe_ports port 4569
acl safe_ports port 5036
acl safe_ports port 2727
acl safe_ports port 9999-20001
Have you any idea how can I solve this problem?
rs
rozsa wrote:> Hi, > I've installed Asterisk 1.2.13, and it works ok, but I have some > voip clients behind a squid proxy server, and this clients can't connect > to the Asterisk server. I added the access lists which permit the > voip ports through the proxy, but the clients can't connect. This access > lists in squid.conf are: > acl safe_ports port 5060 > acl safe_ports port 4569 > acl safe_ports port 5036 > acl safe_ports port 2727 > acl safe_ports port 9999-20001 > > Have you any idea how can I solve this problem? > > rs > > > > _______________________________________________ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >You need to do 1 to 1 NAT on the ports to get them through. I would suggest using a sip proxy on the squid server.
On 6/27/07, rozsa <rozsa at student.utcluj.ro> wrote:> > Hi, > I've installed Asterisk 1.2.13, and it works ok, but I have some > voip clients behind a squid proxy server, and this clients can't connect > to the Asterisk server. I added the access lists which permit the > voip ports through the proxy, but the clients can't connect. This access > lists in squid.conf are: > acl safe_ports port 5060 > acl safe_ports port 4569 > acl safe_ports port 5036 > acl safe_ports port 2727 > acl safe_ports port 9999-20001Have you any idea how can I solve this problem? I usually pass VoIP traffic without it going through the proxy. It can be dangerous, but if you set up your rules right, it should be OK. The only real exposure is that other things can hop on those ports. But then again, the safe_ports has the same challenge... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20070627/dd4ae0a7/attachment.htm
On 6/27/07, rozsa <rozsa at student.utcluj.ro> wrote:> Hi, > I've installed Asterisk 1.2.13, and it works ok, but I have some > voip clients behind a squid proxy server, and this clients can't connect > to the Asterisk server. I added the access lists which permit the > voip ports through the proxy, but the clients can't connect. This access > lists in squid.conf are: > acl safe_ports port 5060 > acl safe_ports port 4569 > acl safe_ports port 5036 > acl safe_ports port 2727 > acl safe_ports port 9999-20001 > > Have you any idea how can I solve this problem? > > rs >rs, Squid is an HTTP/HTTPS caching proxy server. It has nothing to do with any of the protocols used for Asterisk (except maybe for the new HTTP manager interface). I'm not really sure what you are trying to do but UDP SIP on port 5060 (the only one I recognize out of your list) will never pass through Squid. I think you need to setup IP masquerading... -- Kristian Kielhofner
Squid (or any other HTTP proxy) cannot proxy VoIP traffic. rozsa wrote:> Hi, > I've installed Asterisk 1.2.13, and it works ok, but I have some > voip clients behind a squid proxy server, and this clients can't connect > to the Asterisk server. I added the access lists which permit the > voip ports through the proxy, but the clients can't connect. This access > lists in squid.conf are: > acl safe_ports port 5060 > acl safe_ports port 4569 > acl safe_ports port 5036 > acl safe_ports port 2727 > acl safe_ports port 9999-20001 > > Have you any idea how can I solve this problem? > > rs > > > > _______________________________________________ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >