AW: [Asterisk-Users] Re: asterisk with german SIPGATE ?

Rich Adamson radamson at routers.com
Sun May 9 10:03:52 MST 2004 

> I´ve behind a firewall (Linux FLI4L) - but i have configured all possible
> Forwardings.
> Two Problems at this time:
> a) after many tries I have registered on siptel
> *CLI> sip show registry
> Host                  Username     Refresh State
> 217.10.79.9:5060      8003440          120 Registered
> 
> I can make calls - but I can´t hear anything!
> -snip-
> I think the problem is that the RDP is not coming to the Asterisk?
> SIPGate-Website shows me as online!
> -snip-
> My Router is 0n 192.168.0.1, my Asterisk Server is 192.168.0.105
> Here are my portforwardings:
> PORTFW_10='5004 192.168.0.105 UDP'	 # Port für SIP (RTP) zum Debian
> PORTFW_11='5060 192.168.0.105 tcp'	 # Port für SIP TCP zum Debian
> PORTFW_12='5060 192.168.0.105 udp'	 # Port für SIP UDP zum Debian
> PORTFW_13='5060 192.168.0.105 tcp'	 # Port für SIP UDP zum Debian
> PORTFW_14='5070-5080 192.168.0.105 udp'	 # für das RTP vom SIP-Phone
> PORTFW_24='8000-8012 192.168.0.105 udp'  # SIPGATE ?!?!
> PORTFW_25='10000-20000 192.168.0.105 udp'# SIP ?!?!

The problem is directly assoicated with rtp traffic for sure.

The sip register function happens across port 5060 just fine because
"your" system initiates that conversion, and "your" firewall allows
the conversation because you initiated.

The rtp traffic (voice) uses "negotiated" udp ports that are not very
predicatable, are not standard ports between different devices, and can
be changed by the person controlling the equipment at either end.
About the only realistic way to get a handle on exactly which ports
are attempted is to install a packet sniffer (like ethereal) and "look"
at what ports are trying to be used. (This has been discussed many many
times on the list, and you should be able to find hundreds if not
thousands of references to it as well as on the wiki.)

Asterisk attempts to use udp ports between 10,000 and 20,000 (defined
in rtp.conf file), Cisco 79x0 phones between ports 16,384 and 32766, etc.
Given that I see 8000-8012 in the above table, I assume your trying to
use xten as well. Not sure if they still use those ports or not.

The problem is basically related to the distant end attempting to contact
your asterisk using some unknown/undocumented port, and your firewall 
or router is blocking that (as it should be). For testing purposes,
open up all inbound udp ports from 5000 to 50000, and then play around
with the nat configuration statements in your sip.conf. The more
appropriate way to do this really is to use ethereal to determine the
exact ports needed as mentioned, and only open those up.

More information about the asterisk-users mailing list