[Asterisk-Users] RE: Shorewall and asterisk on Mandrake

Patrick Lidstone (Personal E-mail) patrick at lidstone.net
Mon Mar 8 14:56:26 MST 2004


> I am struggling getting asterisk to work on my firewall box.
> 
> The Linux box is a firewall running Mandrake 9.2 and 
> shorewall for security and NAT. Asterisk is compiled and 
> running on the firewall box with a modified sample 
> configuration. I am connecting to it using a Sipura on the 
> local LAN. This works fine and I can phone between extensions 
> (2201 and 2202) and access the voicemail menu via extension '8'.
> 
> Now, I cannot get asterisk to register the two SIP providers I want to
> use: FWD and ICH. The log reports that it did not register - 
> consequently I can't dial '6-612' to get the FWD date-speech.
> 
> I've configured everything according to the manual and 
> several example config files as referenced on voxilla. The 
> error message I get is a timeout on sip-registration and some 
> rtp timeouts. I assume it's a shorewall issue.
> 
> 
> How do I need to configure Shorewall? (I have the following shorewall
> domains: net, masq, fw, loc used in the rules.conf) Does 
> someone have a sample shorewall config?
> 
> How can I easily tell that asterisk registered properly with 
> the SIP provider?
> 
> Could someone post some current working sample configs for 
> FWD and ICH which indicate the use of the various fields 
> better than the existing
> samples:
> * For FWD I have 123456 (the number), AUTO_123456 (the user 
> ID), password.
> * For ICH I have 1234567890 (the number without 1) 
> 11234567890 (the number with 1), 98765432 (the user id), password.

"Voxilla" doesn't mean anything to me, but I went through a similar
learning curve a while back. The keys to successful registrations behind
nat (for me) are the following entries in sip.conf. My asterisk box sits
on a natted network 192.168.0.x with address 192.168.0.5.

;
; SIP Configuration for Asterisk
;
[general]
port=5060                   ; SIP port to bind to
localnet=192.168.0.0        ; address space for local (natted) network
localmask=255.255.255.0     ; netmask for local (natted) network
externip=a.b.c.d            ; a.b.c.d is public ip address of your router
outside_addr=a.b.c.d        ; as above
bindaddr=192.168.0.5        ; where 192.168.0.5 is the IP address of your * box behind NAT
nat=yes

With these config changes, and asterisk restarted, you should be able to
register ok (as reflected by "sip show registry" from the command line).
This is the crucial first step.

In addition, for a bi-directional voice path you will typically require
port forwarding of UDP traffic in the media port range specified in
rtp.conf to the natted ip address of your asterisk box (192.168.0.5 in
this example). A typical rtp.conf file might look like this:

[general]
rtpstart=50600
rtpend=50609

You should also configure your firewall to pass UDP traffic
bi-directionally on port 5060.

It is worth persevering - asterisk does work behind a natted firewall
with the likes of FWD just fine.

HTH

Patrick
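
Added example, not part of the original post and not code from Asterisk or Shorewall: a Python check that reads the sip.conf and rtp.conf values shown above, verifies that the addresses are consistent, and prints Shorewall rule lines that forward only UDP 5060 and the exact RTP range to the Asterisk box behind NAT. The zone names net and loc (taken from the question), the choice of DNAT rules, and 203.0.113.10 standing in for a.b.c.d are assumptions.

```python
import configparser
import ipaddress

# Constructed sample input mirroring the values in the post above;
# 203.0.113.10 is a documentation address standing in for a.b.c.d.
SIP_CONF = """[general]
port=5060
localnet=192.168.0.0
localmask=255.255.255.0
externip=203.0.113.10
bindaddr=192.168.0.5   ; Asterisk box behind NAT
"""
RTP_CONF = "[general]\nrtpstart=50600\nrtpend=50609\n"

def load(text):
    """Parse an Asterisk-style file: ';' starts a comment, even inline."""
    cp = configparser.ConfigParser(comment_prefixes=(";",),
                                   inline_comment_prefixes=(";",), strict=False)
    cp.read_string(text)
    return cp["general"]

def check(sip_text, rtp_text):
    """Return (problems, rules); the zone names net/loc are assumed."""
    sip, rtp = load(sip_text), load(rtp_text)
    problems = []
    net = ipaddress.ip_network(f"{sip['localnet']}/{sip['localmask']}")
    host = ipaddress.ip_address(sip["bindaddr"])
    if host not in net:
        problems.append(f"bindaddr {host} is outside localnet {net}")
    ext = sip.get("externip")
    if ext is None:
        problems.append("externip is not set")
    elif ipaddress.ip_address(ext) in net:
        problems.append(f"externip {ext} is inside localnet {net}")
    start, end = int(rtp["rtpstart"]), int(rtp["rtpend"])
    if start > end:
        problems.append("rtpstart is greater than rtpend")
    # Forward only SIP signalling and the exact RTP range, nothing wider.
    rules = [f"DNAT net loc:{host} udp {sip.get('port', '5060')}",
             f"DNAT net loc:{host} udp {start}:{end}"]
    return problems, rules

if __name__ == "__main__":
    problems, rules = check(SIP_CONF, RTP_CONF)
    print("\n".join(problems or ["config is consistent"]))
    print("\n".join(rules))
```

If Asterisk runs on the firewall box itself, as in the question, the destination zone would be fw and no address translation is involved, so the printed rules need adapting.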



