[Asterisk-Users] RE: Shorewall and asterisk on Mandrake
Chris Albertson
chrisalbertson90278 at yahoo.com
Mon Mar 8 17:49:27 MST 2004
I have your same setup: Asterisk running on a box that
also runs Shorewall. I can register to both FWD and ICH.
One thing I suggest is first getting Asterisk to work
without shorewall.
Next install the firewall but leave it wide open, close it
down incrementally. Also turn on logging of every dropped/rejected
packet and check the log file. If shorewall is getting in the way
you will see the rejects to/from FWD or ICH in the log.
Ask me off-line and I can send some config files but be warned
they are more open than need be.
--- "Patrick Lidstone (Personal E-mail)" <patrick at lidstone.net> wrote:
>
> > I am struggling getting asterisk to work on my firewall box.
> >
> > The Linux box is a firewall running Mandrake 9.2 and
> > shorewall for security and NAT. Asterisk is compiled and
> > running on the firewall box with a modified sample
> > configuration. I am connecting to it using a Sipura on the
> > local LAN. This works fine and I can phone between extensions
> > (2201 and 2202) and access the voicemail menu via extension '8'.
> >
> > Now, I cannot get asterisk to register the two SIP providers I want to
> > use: FWD and ICH. The log reports that it did not register -
> > consequently I can't dial '6-612' to get the FWD date-speech.
> >
> > I've configured everything according to the manual and
> > several example config files as referenced on voxilla. The
> > error message I get is a timeout on sip-registration and some
> > rtp timeouts. I assume it's a shorewall issue.
> >
> >
> > How do I need to configure Shorewall? (I have the following shorewall
> > domains: net, masq, fw, loc used in the rules.conf) Does
> > someone have a sample shorewall config?
> >
> > How can I easily tell that asterisk registered properly with
> > the SIP provider?
> >
> > Could someone post some current working sample configs for
> > FWD and ICH which indicate the use of the various fields
> > better than the existing
> > samples:
> > * For FWD I have 123456 (the number), AUTO_123456 (the user
> > ID), password.
> > * For ICH I have 1234567890 (the number without 1)
> > 11234567890 (the number with 1), 98765432 (the user id), password.
>
> "Voxilla" doesn't mean anything to me, but I went through a similar
> learning curve a while back. The key to successful registrations behind
> nat (for me) are the following entries in sip.conf. My asterisk box sits
> on a natted network 192.168.0.x with address 192.168.0.5
>
> ;
> ; SIP Configuration for Asterisk
> ;
> [general]
> port=5060                 ; SIP port to bind to
> localnet=192.168.0.0      ; address space for local (natted) network
> localmask=255.255.255.0   ; netmask for local (natted) network
> externip=a.b.c.d          ; a.b.c.d is public ip address of your router
> outside_addr=a.b.c.d      ; as above
> bindaddr=192.168.0.5      ; where 192.168.0.5 is the IP address of your * box behind NAT
> nat=yes
>
> With these config changes, and asterisk restarted, you should be able to
> register ok (as reflected by "sip show registry" from command line).
> This is the crucial first step.
>
> In addition, for a bi-directional voice path you will typically require
> port forwarding of UDP traffic in the media port range specified in
> rtp.conf to the natted ip address of your asterisk box (192.168.0.5 in
> this example). A typical rtp.conf file might look like this:
>
> [general]
> rtpstart=50600
> rtpend=50609
>
> You should also configure your firewall to pass UDP traffic
> bi-directionally on port 5060.
>
> It is worth persevering - asterisk does work behind a natted firewall
> with the likes of FWD just fine.
>
> HTH
>
> Patrick
>
=====
Chris Albertson
Home: 310-376-1029 chrisalbertson90278 at yahoo.com
Cell: 310-990-7550
Office: 310-336-5189 Christopher.J.Albertson at aero.org
KG6OMK
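
Added example (not part of the original thread): one way to do the log check suggested above, pulling out only the dropped/rejected UDP packets that touch the SIP port (5060) or the RTP range (50600-50609) from the quoted sip.conf and rtp.conf. The log lines are constructed samples in the "Shorewall:<chain>:<disposition>:" kernel-log format with documentation-range addresses; the function names are hypothetical.

```python
import re

SIP_PORT = 5060                    # port= from the quoted sip.conf
RTP_PORTS = range(50600, 50610)    # rtpstart..rtpend from the quoted rtp.conf

# Constructed sample log (not real traffic): Shorewall prefixes each
# netfilter log entry with "Shorewall:<chain>:<disposition>:".
SAMPLE_LOG = """\
Mar  8 17:40:01 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=420 PROTO=UDP SPT=5060 DPT=5060 LEN=400
Mar  8 17:40:03 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=200 PROTO=UDP SPT=16384 DPT=50602 LEN=180
Mar  8 17:40:05 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 SYN
Mar  8 17:40:09 fw kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.7 LEN=420 PROTO=UDP SPT=5060 DPT=5060 LEN=400
Mar  8 17:40:11 fw sshd[812]: Accepted publickey for admin
"""

LINE_RE = re.compile(
    r"Shorewall:(?P<chain>[^:]+):(?P<disp>DROP|REJECT):(?P<fields>.*)")


def classify(port_text):
    """Return 'sip', 'rtp' or None for a port value taken from the log."""
    if not port_text or not port_text.isdigit():
        return None
    port = int(port_text)
    if port == SIP_PORT:
        return "sip"
    return "rtp" if port in RTP_PORTS else None


def voip_drops(log_text):
    """List (chain, disposition, kind, src, dst, dpt) for each dropped or
    rejected UDP packet whose source or destination port is SIP or RTP."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a Shorewall drop/reject entry
        f = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
        if f.get("PROTO") != "UDP":
            continue  # SIP signalling and RTP media here are both UDP
        kind = classify(f.get("DPT")) or classify(f.get("SPT"))
        if kind:
            hits.append((m["chain"], m["disp"], kind,
                         f.get("SRC"), f.get("DST"), f.get("DPT")))
    return hits


if __name__ == "__main__":
    for hit in voip_drops(SAMPLE_LOG):
        print(*hit)
```

The chain name in each hit (net2fw, all2all, ...) shows which zone pair is blocking the traffic.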