I'm reading the O'Reilly "Asterisk the definitive guide", 4th
ed, with a
starfish on it. In some ways, astonishing that it's not really that
definitive, it's more general -- and it only clocks in at one ream of
paper!
In any event, I'm having some port problems on my home network:
http://security.stackexchange.com/questions/81752/
I need to open ports for Asterisk to work even on a local level.
so I'm just asking in general. For SIP to SIP peer calling, and by that
I just mean "ring" or "beep," some sort of ping, basically,
just
configure the two softphones to use the IP address for the Asterisk box?
also:
tleilax:~ #
tleilax:~ # asterisk -V
Asterisk 1.8.32.1-vici
tleilax:~ #
tleilax:~ # asterisk -rm
Asterisk 1.8.32.1-vici, Copyright (C) 1999 - 2013 Digium, Inc. and others.
Created by Mark Spencer <markster at digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty'
for
details.
This is free software, with components licensed under the GNU General
Public
License version 2 and other licenses; you are welcome to redistribute it
under
certain conditions. Type 'core show license' for details.
========================================================================log and
verbose output currently muted ('logger mute' to unmute)
Connected to Asterisk 1.8.32.1-vici currently running on tleilax (pid 3062)
Verbosity is at least 21
tleilax*CLI>
tleilax*CLI> sip show peer babytel
* Name : babytel
Secret : <Set>
MD5Secret : <Not set>
Remote Secret: <Not set>
Context : default
Subscr.Cont. : <Not set>
Language : en
AMA flags : Unknown
Netborder CPD: No
Transfer mode: open
CallingPres : Presentation Allowed, Not Screened
Callgroup :
Pickupgroup :
MOH Suggest : default
Mailbox :
VM Extension : asterisk
LastMsgsSent : 32767/65535
Call limit : 0
Max forwards : 0
Dynamic : Yes
Callerid : "" <>
MaxCallBR : 384 kbps
Expire : -1
Insecure : no
Force rport : Yes
ACL : No
DirectMedACL : No
T.38 support : No
T.38 EC mode : Unknown
T.38 MaxDtgrm: 4294967295
DirectMedia : No
PromiscRedir : No
User=Phone : No
Video Support: No
Text Support : No
Ign SDP ver : No
Trust RPID : No
Send RPID : Yes
TrustIDOutbnd: Legacy
Subscriptions: Yes
Overlap dial : No
DTMFmode : rfc2833
Timer T1 : 500
Timer B : 32000
ToHost : sip.babytel.ca
Addr->IP : 198.38.7.11:5060
Defaddr->IP : (null)
Prim.Transp. : UDP
Allowed.Trsp : UDP
Def. Username: 1<private>
SIP Options : (none)
Codecs : 0x4 (ulaw)
Codec Order : (ulaw:20)
Auto-Framing : No
Status : UNREACHABLE
Useragent :
Reg. Contact :
Qualify Freq : 60000 ms
Sess-Timers : Accept
Sess-Refresh : uas
Sess-Expires : 1800 secs
Min-Sess : 90 secs
RTP Engine : asterisk
Parkinglot :
Use Reason : No
Encryption : No
tleilax*CLI>
tleilax*CLI> sip show peers
Name/username Host Dyn Forcerport ACL Port Status
201/201 (Unspecified) D N 0 UNKNOWN
babytel/1<private> 198.38.7.11 D N
5060 UNREACHABLE
gs102/gs102 (Unspecified) D N 0 UNKNOWN
3 sip peers [Monitored: 0 online, 3 offline Unmonitored: 0 online, 0
offline]
tleilax*CLI>
thanks,
Thufir
It looks as if that is more of a question/issue with your router, rather than Asterisk. I have SIP devices working on my LAN, all hardwired, and have no need to open any ports or have the router address SIP in any way My switch is not managed, and the router ports on the LAN side are all unmanaged, just a huge Ethernet "wirenut" You SHOULD be able to communicate between devices on the LAN without any firewall issue. I have also found with some routers that the DMZ isn't what one expects, and can get in the way, depending on the firware. Does this router have any SIP ALG setting? turn it off! As an aside, I would caution you to not have SIP 5060 exposed to the public Internet, or you will soon regret it. I am sure others will have much better information though John Novack thufir wrote:> I'm reading the O'Reilly "Asterisk the definitive guide", 4th ed, with a > starfish on it. In some ways, astonishing that it's not really that > definitive, it's more general -- and it only clocks in at one ream of > paper! > > In any event, I'm having some port problems on my home network: > > http://security.stackexchange.com/questions/81752/ > > I need to open ports for Asterisk to work even on a local level. > > > > so I'm just asking in general. For SIP to SIP peer calling, and by that > I just mean "ring" or "beep," some sort of ping, basically, just > configure the two softphones to use the IP address for the Asterisk box? > > > also: > > > tleilax:~ # > tleilax:~ # asterisk -V > Asterisk 1.8.32.1-vici > tleilax:~ # > tleilax:~ # asterisk -rm > Asterisk 1.8.32.1-vici, Copyright (C) 1999 - 2013 Digium, Inc. and others. > Created by Mark Spencer <markster at digium.com> > Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for > details. > This is free software, with components licensed under the GNU General > Public > License version 2 and other licenses; you are welcome to redistribute it > under > certain conditions. Type 'core show license' for details. > ========================================================================> log and verbose output currently muted ('logger mute' to unmute) > Connected to Asterisk 1.8.32.1-vici currently running on tleilax (pid > 3062) > Verbosity is at least 21 > tleilax*CLI> > tleilax*CLI> sip show peer babytel > > > * Name : babytel > Secret : <Set> > MD5Secret : <Not set> > Remote Secret: <Not set> > Context : default > Subscr.Cont. : <Not set> > Language : en > AMA flags : Unknown > Netborder CPD: No > Transfer mode: open > CallingPres : Presentation Allowed, Not Screened > Callgroup : > Pickupgroup : > MOH Suggest : default > Mailbox : > VM Extension : asterisk > LastMsgsSent : 32767/65535 > Call limit : 0 > Max forwards : 0 > Dynamic : Yes > Callerid : "" <> > MaxCallBR : 384 kbps > Expire : -1 > Insecure : no > Force rport : Yes > ACL : No > DirectMedACL : No > T.38 support : No > T.38 EC mode : Unknown > T.38 MaxDtgrm: 4294967295 > DirectMedia : No > PromiscRedir : No > User=Phone : No > Video Support: No > Text Support : No > Ign SDP ver : No > Trust RPID : No > Send RPID : Yes > TrustIDOutbnd: Legacy > Subscriptions: Yes > Overlap dial : No > DTMFmode : rfc2833 > Timer T1 : 500 > Timer B : 32000 > ToHost : sip.babytel.ca > Addr->IP : 198.38.7.11:5060 > Defaddr->IP : (null) > Prim.Transp. : UDP > Allowed.Trsp : UDP > Def. Username: 1<private> > SIP Options : (none) > Codecs : 0x4 (ulaw) > Codec Order : (ulaw:20) > Auto-Framing : No > Status : UNREACHABLE > Useragent : > Reg. Contact : > Qualify Freq : 60000 ms > Sess-Timers : Accept > Sess-Refresh : uas > Sess-Expires : 1800 secs > Min-Sess : 90 secs > RTP Engine : asterisk > Parkinglot : > Use Reason : No > Encryption : No > > tleilax*CLI> > tleilax*CLI> sip show peers > Name/username Host Dyn Forcerport ACL Port Status > 201/201 (Unspecified) D N 0 UNKNOWN > babytel/1<private> 198.38.7.11 D N > 5060 UNREACHABLE > gs102/gs102 (Unspecified) D N 0 UNKNOWN > 3 sip peers [Monitored: 0 online, 3 offline Unmonitored: 0 online, 0 > offline] > tleilax*CLI> > > > > > thanks, > > Thufir > >-- Dog is my Co-pilot -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20150216/982ed196/attachment.html>
On Mon, 16 Feb 2015 16:12:04 -0500, John Novack wrote:> It looks as if that is more of a question/issue with your router, rather > than Asterisk. > > I have SIP devices working on my LAN, all hardwired, and have no need to > open any ports or have the router address SIP in any way My switch is > not managed, and the router ports on the LAN side are all unmanaged, > just a huge Ethernet "wirenut" > You SHOULD be able to communicate between devices on the LAN without any > firewall issue. > I have also found with some routers that the DMZ isn't what one expects, > and can get in the way, depending on the firware. > Does this router have any SIP ALG setting? turn it off! > As an aside, I would caution you to not have SIP 5060 exposed to the > public Internet, or you will soon regret it. > > I am sure others will have much better information though > > John NovackSeems spot on. I would just add that on my LAN, it doesn't directly connect to the internet, so even an exposed 5060 port is only exposed another router. That router has firewall, etc. the netgear router connects with ethernet cable to an iogear wifi adaper. the netgear router uses DHCP and gets an IP address of 192.x.x.x from the iogear device. The iogear device gets its IP address wirelessly from the another router. That upstream router is from the ISP (has their branding), and has a firewall. So, I'm not concerned about opening ports on the netgear router :) -Thufir
On Mon, 16 Feb 2015 16:12:04 -0500, John Novack wrote:> My switch is not managed, and the router ports on the LAN side are all > unmanaged, just a huge Ethernet "wirenut" > You SHOULD be able to communicate between devices on the LAN without any > firewall issue.I think I might be doing this in a very stupid way. I'm reading Asterisk the definitive guide, but it's very general. Can you describe your, or a typical setup, in a bit more detail? "The setup I will use in these notes is this: Asterisk is installed on the gateway/router to the Internet and Ekiga is installed on an 'inside' workstation." http://wiki.ekiga.org/index.php/Ekiga_as_an_Asterisk_client What I have is everything connected into the gateway: 192.168.1.1 router 192.168.1.2 tleilax asterisk server; static ip 192.168.1.x doge, client pc; usually .3 Tleilax needs at least two NIC's? One to connect to the gateway, and then perhaps doge directly connects to tleilax, or, there's a switch between doge and tleilax so that other clients can also connect to tleilax. I can't find much in the Asterisk book on this. On all sorts of complex network setups, yes, but not something basic like this. thanks, Thufir