search for: nonat

Hi! REDIRECT lan 3328 tcp www - !192.168.0.0/29,10.0.0.0/16 This rules redirect all traffic web to proxy but howto exclude 1 ip from redirect ?? REDIRECT lan 53 tcp domain - REDIRECT lan 53 udp domain - And in this case howto exclude some ip ? Thx.

...ween tenants allowing one tenant to directly access phones on another tenant (that's not as wild as it sounds because of our use of the ISCS project - iscs.sourceforge.net). Since the tenants are all connecting via VPN, we are using RFC1918 addresses and no NAT is involved thus the canreinvite=nonat option does not help us. If we set canreinvite=nonat, that will allow for intra-tenant direct media but, if one tenant tries to call another via SIP, it will redirect the media at the Asterisk level but the packets will be dropped at the firewall / router level (or sooner as there may be no route...

...s soon as I commented out the .45 IP address that I added last week traffic flowed again. We need to authorize traffic from both IP addresses. Any suggestions? Sip.conf: [incoming-trunk] type=peer insecure=port,invite context=default-incoming host=XX.XXX.XXX.40 canreinvite=nonat qualify=yes disallow=all allow=ulaw nat=yes [incoming-trunk] type=peer insecure=port,invite context=default-incoming host=XX.XXX.XXX.45 canreinvite=nonat qualify=yes disallow=all allow=ulaw nat=yes Default-incoming in extensions.conf is: [default-incoming] ; Create exte...

...50 (type 03, len 000033) > Sent RTP P2P packet to 192.168.128.231:51350 (type 03, len 000033) > == Spawn extension (local, 301, 1) exited non-zero on > 'SIP/hsolutionspf5-00000002' I tried many options to disable SRTP but without success : * canreinvite = no * canreinvite = nonat * srtpcapable=no * encryption=no * directmedia=nonat * ...or noload => res_srtp.so in modules.conf Any help would be GREATLY appreciated ! Denis P. S. We have Asterisk 1.8.4.4 under CentOS release 5.11 (Final) -------------- next part -------------- An HTML attachment was scrubbed.....

...re-invite media streams to an optimal path. If there's ; no reason for Asterisk to stay in the media path, the media will be redirected. ; This does not really work well in the case where Asterisk is outside and the ; clients are on the inside of a NAT. In that case, you want to set directmedia=nonat. ; ;directmedia=yes ; Asterisk by default tries to redirect the ; RTP media stream to go directly from ; the caller to the callee. Some devices do not ; support this (especially if one of...

...0033) Sent RTP P2P packet to 192.168.128.231:51350 <http://192.168.128.231:51350> (type 03, len 000033) == Spawn extension (local, 301, 1) exited non-zero on 'SIP/hsolutionspf5-00000002' I tried many options to disable SRTP but without success : * canreinvite = no * canreinvite = nonat * srtpcapable=no * encryption=no * directmedia=nonat * ...or noload => res_srtp.so in modules.conf Any help would be GREATLY appreciated ! Denis P. S. We have Asterisk 1.8.4.4 under CentOS release 5.11 (Final) -- _____________________________________________________________________ -- Band...

...es the call on hold. During hold, the Sipphone user cannot hear music, only silence. The silence continues after the hold, though the local phone can hear the Sipphone user. Every possible combination of nat=yes, no, maybe, possibly or never gives the same result. Further, canreinvite=yes/no/nonat has no result. I suspect a possible reinvite issue with Asterisk being out of the RTP stream, so I have tried all the usual variables in the DialI() command as well to no avail. Any thoughts on how to fix one-way-audio after a hold? --Brent -------------- next part -------------- An...

Hi There, Due to shortage computer, I need to install Apache to my Shorewall box (192.168.1.1) But the real web server is on another box (192.168.1.2) I tried to put rule: DNAT net loc:192.168.168.1 tcp 80 But everytime www connection coming in, it will hit my shorewall Any solution? Cheer Access Yahoo!7 Mail on your mobile. Anytime. Anywhere. Show me how:

...s " ${CALLERID(all)} ) exten => _j.,n,GoTo(from-outside,${3digitexten},1) [from-outside] exten => 123,1,NoOp() exten => 123,n,Answer() exten => 123,n,Dial(SIP/jnctn/1212xxxyyyy) exten => 123,n,HangUp() sip.conf: [general] externaddr=xx.yyy.zz.aa nat=yes directmedia=no ; tried nonat sip show peer jnctn: Insecure : invite Force rport : Yes ......... DirectMedia : No sip show peer teliax: Insecure : port,invite Force rport : Yes ........ DirectMedia : No And the cli doesn't show any problems: NoOp("SIP/teliax-00000022", &qu...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all! I'm investigating the possibility of using Asterisk as much for internal communication in an office as between offices and I would like to know what considerations you could comment to me being based on the experience that you have had. A priori two things come to my mind: * As to network topology, is advisable to have switches and

I want to use fprobe-ulog (http://fprobe.sourceforge.net/) to generate NetFlow information about traffic going through my router. The question is how to get the logging rules added to the appropriate chains (I''m assuming eth2_in and eth2_out in my case)? I''m using the perl version of shorewall 4.0.6. -- Orion Poplawski Technical Manager 303-415-9701

...findslot => next [parkinglot_a10] ; EBC context => a10-parking parkpos => 800-820 findslot => next I then set the parkinglot parameters in sip.conf as follows: [general] context=incoming tos_audio=0xb0 tos_sip=0xb0 disallow=all allow=ulaw allow=alaw allow=speex allow=gsm canreinvite=nonat [common](!) type=friend host=dynamic [a10](!,common) ; EBC context=a10 parkinglot=parkinglot_a10 [a10o](!,common) ; EBC - authorized for outbound calls context=a10o [jintrabartola](a10o) callerid=Joe Intrabartola [tkeeley](a10o) callerid= Terry Keeley [vdemarco](a10o) callerid= Vinny De Marco...

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta This version contains two new builtin actions in the /etc/shorewall/rules file: ACCEPT+ - Like ACCEPT but it also exempts the connection from subsequent DNAT[-] and REDIRECT[-] rules. NONAT - Exempts the connection from subsequent DNAT[-] and REDIRECT[-] rules. These actions solve similar problems reported by Robin M and by Rodrigo Cano. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@s...

...e Internet. Amazingly, this seems to work for my primary ITSP (I wonder what magic they are using to map RTP datagrams from a different IP/port than the SIP setup negotiated?). But it does not work for ENUM destinations. I have tried various sip.conf changes (nat=yes/no, canreinvite=yes/no/ nonat and directrtpsetup=yes/no) values trying to get all RTP traffic to go through the Asterisk box instead of direct but have been unable to do so. Any suggestions? I know, the best way would be to get a SIP aware FW but replacing the current one is not in the budget nor is there an old computer...

Hello, all. We are having a problem where audio for sip channels is dropping upon reinvite. Perhaps it reflects a misunderstanding of what reinvite does. We are running Asterisk 1.6.1.1 on CentOS 5.3. SIP is set to canreinvite=nonat. We have tried RTP with strictrtp set to both yes and no. We have also tried extending the Asterisk rtp port range to accommodate the differing default ranges of the soft phones (Twinkle on Linux, 3CX on Windows). Testing revealed no problems when the soft phones we used for testing were on the...

...9;re both on the private network, but not set up direct media connections for calls between clients on the internet and clients on the private network I haven't yet figured out how to configure Asterisk to achieve this, and thought I'd ask here if it's possible I looked at directmedia=nonat, but AFAICT enabling this option won't set up direct media connections for calls between clients who're both on the private network? Does Asterisk support what I describe?

...asterisk private ip, i am getting sip signaling and it looks okay. i can provide it too if we required. here is my asterisk sip.conf kamailio context looks like [vmserver] type=friend context=default host=***local_ip_of_kamailio*** ; for below three i have tried all available options *directmedia=nonat directrtpsetup=yes nat=yes * t1min=500 disallow=all allow=g729 allow=ulaw allow=alaw allow=gsm qualify=yes let me know how to solve this nating issue also i opened all required ports for sip. and rtp regards Dhaval -------------- next part -------------- An HTML attachment was scrubbed... URL:...

...tmedia=no I can make a call between the two SIP endpoints; the RTP stream being passed through the Asterisk box. Obviously, this is sub-optimal. I attempted to enable bridging of the call between the 2 endpoints directly, given that they are on the same non-routeable private net. With directmedia=nonat, I see Asterisk report the bridging of the calls but both sides of the call are routed to the originating endpoint so effectively, the call becomes an echo-loop. There is no audio on the second end-point although the call remains up. I assume this is some sort of firewall/nat/routing issue. Could...

...recent iptables releases that allows a match to be repeated within a rule. 4) The DISABLE_IPV6 option has been documented in the shorewall.conf man page. The option has been there all along, but it was not previously documented in the man page. 5) If a no-NAT rule (DNAT-, ACCEPT+, NONAT) included a destination IP address and no zone name in the DEST column, Shorewall-perl would reject the rule. If a zone name was specified, Shorewall-perl would issue a Warning message. 6) Following the Netfilter tradition, the IPP2P maintainer has made an incompatible syntax chan...

...e MailScanner warning: numerical links are often malicious: ee.ee.ee.ee access-list PERMIT_IN permit esp any host MailScanner has detected a possible fraud attempt from "ee.ee.ee.ee" claiming to be MailScanner warning: numerical links are often \n malicious: ee.ee.ee.ee access-list NONAT permit ip MailScanner has detected a possible fraud attempt from "192.168.0.0" claiming to be MailScanner warning: numerical \n links are often malicious: 192.168.0.0 MailScanner has detected a possible fraud attempt from "255.255.255.0" claiming to be MailScanner warning: nume...