[Asterisk-Users] RE: Shorewall and asterisk on Mandrake

Chris Albertson chrisalbertson90278 at yahoo.com
Mon Mar 8 17:49:27 MST 2004


I have your same setup: Asterisk running on a box that
also runs Shorewall.  I can register to both FWD and ICH.

One thing I suggest is first getting Asterisk to work
without shorewall.

Next install the firewall but leave it wide open, close it
down incrementally.  Also turn on logging of every dropped/rejected
packet and check the log file.  If shorewall is getting in the way
you will see the rejects to/from FWD or ICH in the log.

Ask me off-line and I can send some config files but be warned
they are more open than need be.

--- "Patrick Lidstone (Personal E-mail)" <patrick at lidstone.net> wrote:
> 
> > I am struggling getting asterisk to work on my firewall box.
> > 
> > The Linux box is a firewall running Mandrake 9.2 and 
> > shorewall for security and NAT. Asterisk is compiled and 
> > running on the firewall box with a modified sample 
> > configuration. I am connecting to it using a Sipura on the 
> > local LAN. This works fine and I can phone between extensions 
> > (2201 and 2202) and access the voicemail menu via extension '8'.
> > 
> > Now, I cannot get asterisk to register the two SIP providers I want to
> > use: FWD and ICH. The log reports that it did not register -
> > consequently I can't dial '6-612' to get the FWD date-speech.
> > 
> > I've configured everything according to the manual and 
> > several example config files as referenced on voxilla. The 
> > error message I get is a timeout on sip-registration and some 
> > rtp timeouts. I assume it's a shorewall issue.
> > 
> > 
> > How do I need to configure Shorewall? (I have the following shorewall
> > domains: net, masq, fw, loc used in the rules.conf) Does
> > someone have a sample shorewall config?
> > 
> > How can I easily tell that asterisk registered properly with 
> > the SIP provider?
> > 
> > Could someone post some current working sample configs for
> > FWD and ICH which indicate the use of the various fields
> > better than the existing samples:
> > * For FWD I have 123456 (the number), AUTO_123456 (the user 
> > ID), password.
> > * For ICH I have 1234567890 (the number without 1) 
> > 11234567890 (the number with 1), 98765432 (the user id), password.
> 
> "Voxilla" doesn't mean anything to me, but I went through a similar
> learning curve a while back. The key to successful registrations behind
> nat (for me) is the following entries in sip.conf. My asterisk box sits
> on a natted network 192.168.0.x with address 192.168.0.5
> 
> ;
> ; SIP Configuration for Asterisk
> ;
> [general]
> port=5060                     ; SIP port to bind to
> localnet=192.168.0.0          ; address space for local (natted) network
> localmask=255.255.255.0       ; netmask for local (natted) network
> externip=a.b.c.d              ; a.b.c.d is public ip address of your router
> outside_addr=a.b.c.d          ; as above
> bindaddr=192.168.0.5          ; where 192.168.0.5 is the IP address of your * box behind NAT
> nat=yes
> 
> With these config changes, and asterisk restarted, you should be able to
> register ok (as reflected by "sip show registry" from command line).
> This is the crucial first step.
> 
> In addition, for a bi-directional voice path you will typically require
> port forwarding of UDP traffic in the media port range specified in
> rtp.conf to the natted ip address of your asterisk box (192.168.0.5 in
> this example). A typical rtp.conf file might look like this:
> 
> [general]
> rtpstart=50600
> rtpend=50609
> 
> You should also configure your firewall to pass UDP traffic
> bi-directionally on port 5060.
> 
> It is worth persevering - asterisk does work behind a natted firewall
> with the likes of FWD just fine.
> 
> HTH
> 
> Patrick
> 


=====
Chris Albertson
  Home:   310-376-1029  chrisalbertson90278 at yahoo.com
  Cell:   310-990-7550
  Office: 310-336-5189  Christopher.J.Albertson at aero.org
  KG6OMK
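
Added example, not part of the original message or of Shorewall/Asterisk: one way to do the log check suggested above, picking dropped/rejected SIP and RTP packets out of the Shorewall log. The ports come from the quoted sip.conf and rtp.conf; the log lines, chain names and addresses are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# Ports from the quoted configs: SIP on UDP 5060, RTP on UDP 50600-50609.
SIP_PORT = 5060
RTP_PORTS = range(50600, 50610)

# Shorewall's default log prefix "Shorewall:<chain>:<disposition>:", then netfilter KEY=value fields.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>DROP|REJECT):")
FIELD = re.compile(r"\b(IN|SRC|DST|PROTO|SPT|DPT)=(\S*)")

# Constructed sample log lines (documentation addresses, not real hosts).
SAMPLE_LOG = [
    "kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.10 DST=203.0.113.5 PROTO=UDP SPT=5060 DPT=5060",
    "kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.10 DST=203.0.113.5 PROTO=UDP SPT=16384 DPT=50602",
    "kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=203.0.113.5 DST=198.51.100.10 PROTO=UDP SPT=5060 DPT=5060",
    "kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.5 PROTO=TCP SPT=40112 DPT=23",
]

def classify(port):
    """Map a UDP port to the VoIP traffic type it carries, or None."""
    return "SIP" if port == SIP_PORT else "RTP" if port in RTP_PORTS else None

def voip_rejects(lines):
    """Return dropped/rejected UDP packets that touch the SIP or RTP ports."""
    hits = []
    for line in lines:
        m = PREFIX.search(line)
        if not m:
            continue  # not a Shorewall drop/reject entry
        f = dict(FIELD.findall(line[m.end():]))
        if f.get("PROTO") != "UDP":
            continue
        ports = [int(f[k]) for k in ("DPT", "SPT") if f.get(k, "").isdigit()]
        kind = next((k for k in map(classify, ports) if k), None)
        if kind:
            # An empty IN= means the packet originated on the firewall box.
            way = "inbound" if f.get("IN") else "outbound"
            hits.append((m["chain"], m["action"], kind, way,
                         f.get("SRC"), f.get("DST")))
    return hits

def summarize(lines):
    """Count hits per (chain, action, kind, direction) to show which policy is blocking."""
    return Counter(h[:4] for h in voip_rejects(lines))

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, *key)
```

The chain name in each hit identifies the zone pair whose rule or policy is blocking the traffic, which is the one to open while closing the firewall down incrementally.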
