[Asterisk-Users] Asterisk behind openBSD firewall/NAT
Karim Mardhani
karim at zeecore.net
Fri Jul 30 05:13:46 MST 2004
Hi All:
Has anybody been able to get Asterisk work behind a openBSD
firewall/NAT? If you have then would it be possible to share your
pf.config file?
I am trying to get Asterisk which is behind an openBSD firewall/NAT to
register with FWD but can't get it to talk. I have captured IP traffic
on udp port 5060 using tcpdump on both internal and external interfaces
of my openBSD gateway (the logs are at the end of this e-mail).
From the tcpdump logs I can see that a message is sent to FWD out from
the external interface and response is received from FWD on udp port
5060 but the response is not forwarded to Asterisk. Here are my NAT and
FILTER rules: (tl0 is the external interface, xl0 is the internal
interface)
nat on tl0 inet from 192.168.0.0/24 to any -> (tl0) round-robin
rdr on xl0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
rdr pass on tl0 inet proto tcp from any to (tl0) port = sip -> 192.168.0.3
rdr pass on tl0 inet proto udp from any to 209.89.66.243 port = sip ->
192.168.0.3 port 5060
Tcpdump output on the external interface of gateway (filtered for udp port
5060):
tcpdump: listening on tl0
05:51:58.622714 243.209-89-66-0.interbaun.com.57199 > 192.246.69.223.sip:
udp 376 (DF) (ttl 63, id 23576)
05:51:58.716031 192.246.69.223.sip > 243.209-89-66-0.interbaun.com.sip:
udp 462 (DF) (ttl 47, id 0)
05:51:59.622771 243.209-89-66-0.interbaun.com.57199 > 192.246.69.223.sip:
udp 376 (DF) (ttl 63, id 23577)
05:51:59.716004 192.246.69.223.sip > 243.209-89-66-0.interbaun.com.sip:
udp 462 (DF) (ttl 47, id 0)
05:52:00.623539 243.209-89-66-0.interbaun.com.57199 > 192.246.69.223.sip:
udp 376 (DF) (ttl 63, id 23578)
05:52:00.719989 192.246.69.223.sip > 243.209-89-66-0.interbaun.com.sip:
udp 462 (DF) (ttl 47, id 0)
05:52:01.624328 243.209-89-66-0.interbaun.com.57199 > 192.246.69.223.sip:
udp 376 (DF) (ttl 63, id 23579)
05:52:01.716980 192.246.69.223.sip > 243.209-89-66-0.interbaun.com.sip:
udp 462 (DF) (ttl 47, id 0)
05:52:02.624107 243.209-89-66-0.interbaun.com.57199 > 192.246.69.223.sip:
udp 376 (DF) (ttl 63, id 23580)
05:52:02.715968 192.246.69.223.sip > 243.209-89-66-0.interbaun.com.sip:
udp 462 (DF) (ttl 47, id 0)
05:52:03.623884 243.209-89-66-0.interbaun.com.57199 > 192.246.69.223.sip:
udp 376 (DF) (ttl 63, id 23581)
05:52:03.715954 192.246.69.223.sip > 243.209-89-66-0.interbaun.com.sip:
udp 462 (DF) (ttl 47, id 0)
05:52:18.645348 243.209-89-66-0.interbaun.com.57199 > 192.246.69.223.sip:
udp 376 (DF) (ttl 63, id 23582)
05:52:18.737143 192.246.69.223.sip > 243.209-89-66-0.interbaun.com.sip:
udp 462 (DF) (ttl 47, id 0)
Tcpdump output at the internal interface
tcpdump: listening on xl0
06:05:00.451172 192.168.0.3.sip > fwd.pulver.com.sip: udp 376 (DF) (ttl
64, id 23811)
06:05:01.450934 192.168.0.3.sip > fwd.pulver.com.sip: udp 376 (DF) (ttl
64, id 23812)
06:05:02.450711 192.168.0.3.sip > fwd.pulver.com.sip: udp 376 (DF) (ttl
64, id 23813)
06:05:03.451502 192.168.0.3.sip > fwd.pulver.com.sip: udp 376 (DF) (ttl
64, id 23814)
06:05:04.451286 192.168.0.3.sip > fwd.pulver.com.sip: udp 376 (DF) (ttl
64, id 23815)
Regards,
Karim Mardhani
ZeeCore Consulting
More information about the asterisk-users
mailing list