[Asterisk-Users] Sipura SPA2000 behind NAT

Guillermo Salas M gsalas at manta.telconet.net
Sat Jul 2 13:55:49 MST 2005 

Carlos,

Thank you for your fast response :) , this is the output of iptables -nL
on my linux box:

root at razametal:/home/guillermo # iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  192.168.0.0/24       0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            192.168.0.0/24

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

root at razametal:/home/guillermo # iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.0.0/24       0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


This is my very-small and simple firewall script:
root at razametal:/home/guillermo # cat /etc/init.d/firewall
# Cargar Modulos
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe ip_nat_irc
modprobe ip_conntrack_irc

# Habilitar el forward
echo 1 > /proc/sys/net/ipv4/ip_forward

# Flush
iptables -X
iptables -F
iptables -X -t nat
iptables -F -t nat

# Habilitar nat para 192.168.0.0/24
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
# Permitir el forward para 192.168.0.0/24
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT

# EOF


On Sat, 2005-07-02 at 16:39 -0400, Carlos Alperin wrote:
> Guillermo,
> 
> This is an issue with your router. Do you have open the ports 5060 for SIP?
> Also, RTP needs to be open from 16384 to 32767.
> 
> Saludos,
> 
> Carlos Alperin
> Senior System Engineer 
> Seneca Communications, LLC
> calperin at senecacom.net
> 
> 
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Guillermo
> Salas M
> Sent: Saturday, July 02, 2005 4:13 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: [Asterisk-Users] Sipura SPA2000 behind NAT
> 
> Hi, I've one Sipura SPA2000 at home behind a linuxbox with two network
> adapters (eth0 for WAN and eth1 for LAN) doing NAT/DHCP:
> 
> 
> ___________ HOME _______________       ____OFFICE ____
> SPA2000     <---> Linux Box       <--> Asterisk Box
> 192.168.0.253    192.168.0.1 eth1      200.93.xxx.a
>                  200.93.xxx.b eth0
> 
> My problem is when I try to call to any trunk or extention I can the
> audio when the destination is ringing, but I can hear the voice of the
> person when it reponds. The person in the other side can hear me, but I
> can not hear anything from him. I can not hear the voice prompts for the
> voicemail (*98) or the operator voice, but can leave voice messages to
> other SIP devices and they can hear my messages.
> 
> This is my sip.conf
> [105]
> username=105
> type=friend
> secret=105
> qualify=no
> port=5060
> nat=yes
> mailbox=105 at default
> host=dynamic
> dtmfmode=rfc2833
> context=from-internal
> canreinvite=no
> callerid="Guilllermo Salas HOME" <105>
> 
> My ext on line 1 of the Sipura is 105, and is registred with the * box:
>     -- Registered SIP '105' at 200.93.220.27 port 5060 expires 3600
> 
> asterisk*CLI> sip show peer 105
> asterisk*CLI>
> 
>   * Name       : 105
>   Secret       : <Set>
>   MD5Secret    : <Not set>
>   Context      : from-internal
>   Language     : es
>   FromUser     :
>   FromDomain   :
>   Callgroup    :  (0)
>   Pickupgroup  :  (0)
>   Mailbox      : 105 at default
>   LastMsgsSent : 2
>   Dynamic      : Yes
>   Expire       : 4
>   Expiry       : 900
>   Insecure     : No
>   Nat          : Always
>   ACL          : No
>   CanReinvite  : No
>   PromiscRedir : No
>   DTMFmode     : rfc2833
>   LastMsg      : 0
>   ToHost       :
>   Addr->IP     : 200.93.xxx.xb Port 5060
>   Defaddr->IP  : 0.0.0.0 Port 5060
>   Username     : 105
>   Codecs       : 0xc011f (g723|gsm|ulaw|alaw|g726|g729|h261|h263)
>   Codec Order  : (g729|g723|gsm|g726|ulaw|alaw|h261|h263)
>   Status       : UNKNOWN
>   Useragent    :
>   Full Contact : sip:105 at 192.168.0.253:5060
> 
> And this is the output of sip debug peer 105 when I call to *98 (for
> voice messages):
> 
> asterisk*CLI> sip debug peer 105
> SIP Debugging Enabled for IP: 200.93.xxx.xb:5060
> 
> Sip read:
> NOTIFY sip:sip.mydomain.net SIP/2.0
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-67ea7370
> From: Guillermo Salas M <sip:105 at sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:sip.mydomain.net>
> Call-ID: a584ba93-53c0013c at 192.168.0.253
> CSeq: 4 NOTIFY
> Max-Forwards: 70
> Event: keep-alive
> User-Agent: Sipura/SPA2000-2.0.2
> Content-Length: 0
> 
> 
> 10 headers, 0 lines
> Transmitting (no NAT):
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-67ea7370
> From: Guillermo Salas M <sip:105 at sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:sip.mydomain.net>;tag=as038653dd
> Call-ID: a584ba93-53c0013c at 192.168.0.253
> CSeq: 4 NOTIFY
> User-Agent: Asterisk PBX
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
> Contact:
> Content-Length: 0
> 
> 
>  to 200.93.xxx.xb:5060
> Destroying call 'a584ba93-53c0013c at 192.168.0.253'
> 
> asterisk*CLI>
> 
> Sip read:
> NOTIFY sip:sip.mydomain.net SIP/2.0
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-d386a279
> From: Guillermo Salas M <sip:105 at sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:sip.mydomain.net>
> Call-ID: a584ba93-53c0013c at 192.168.0.253
> CSeq: 6 NOTIFY
> Max-Forwards: 70
> Event: keep-alive
> User-Agent: Sipura/SPA2000-2.0.2
> Content-Length: 0
> 
> 
> 10 headers, 0 lines
> Transmitting (no NAT):
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-d386a279
> From: Guillermo Salas M <sip:105 at sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:sip.mydomain.net>;tag=as5099fa8f
> Call-ID: a584ba93-53c0013c at 192.168.0.253
> CSeq: 6 NOTIFY
> User-Agent: Asterisk PBX
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
> Contact:
> Content-Length: 0
> 
> 
>  to 200.93.xxx.xb:5060
> Destroying call 'a584ba93-53c0013c at 192.168.0.253'
> asterisk*CLI>
> 
> 
> I dial *98 to get into the voice message system:
> 
> asterisk*CLI>
> 
> Sip read:
> ACK sip:*98 at sip.mydomain.net SIP/2.0
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-600583f3
> From: Guillermo Salas M <sip:105 at sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:*98 at sip.mydomain.net>;tag=as65eec750
> Call-ID: 636a9064-eba36dcb at 192.168.0.253
> CSeq: 101 ACK
> Max-Forwards: 70
> Contact: Guillermo Salas M <sip:105 at 192.168.0.253>
> User-Agent: Sipura/SPA2000-2.0.2
> Content-Length: 0
> 
> 
> 10 headers, 0 lines
> asterisk*CLI>
> 
> Sip read:
> INVITE sip:*98 at sip.mydomain.net SIP/2.0
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-ec22067b
> From: Guillermo Salas M <sip:105 at sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:*98 at sip.mydomain.net>
> Call-ID: 636a9064-eba36dcb at 192.168.0.253
> CSeq: 102 INVITE
> Max-Forwards: 70
> Proxy-Authorization: Digest
> username="105",realm="asterisk",nonce="47a68adb",uri="sip:*98 at sip.mydomain.n
> et",algorithm=MD5,response="8e60f592df094f9b852a59544b9da384"
> Contact: Guillermo Salas M <sip:105 at 192.168.0.253>
> Expires: 240
> User-Agent: Sipura/SPA2000-2.0.2
> Content-Length: 422
> Content-Type: application/sdp
> 
> v=0
> o=- 12384 12384 IN IP4 192.168.0.253
> s=-
> c=IN IP4 192.168.0.253
> t=0 0
> m=audio 16468 RTP/AVP 4 0 2 8 18 96 97 98 100 101
> a=rtpmap:4 G723/8000
> a=rtpmap:0 PCMU/8000
> a=rtpmap:2 G726-32/8000
> a=rtpmap:8 PCMA/8000
> a=rtpmap:18 G729a/8000
> a=rtpmap:96 G726-40/8000
> a=rtpmap:97 G726-24/8000
> a=rtpmap:98 G726-16/8000
> a=rtpmap:100 NSE/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-15
> a=ptime:30
> a=sendrecv
> 
> 13 headers, 19 lines
> Using latest request as basis request
> Sending to 192.168.0.253 : 5060 (NAT)
> Found user '105'
> Found RTP audio format 4
> Found RTP audio format 0
> Found RTP audio format 2
> Found RTP audio format 8
> Found RTP audio format 18
> Found RTP audio format 96
> Found RTP audio format 97
> Found RTP audio format 98
> Found RTP audio format 100
> Found RTP audio format 101
> Peer audio RTP is at port 192.168.0.253:16468
> Found description format G723
> Found description format PCMU
> Found description format G726-32
> Found description format PCMA
> Found description format G729a
> Found description format G726-40
> Found description format G726-24
> Found description format G726-16
> Found description format NSE
> Found description format telephone-event
> Capabilities: us - 0xc011f (g723|gsm|ulaw|alaw|g726|g729|h261|h263),
> peer - audio=0x51d (g723|ulaw|alaw|g726|g729|ilbc)/video=0x0 (nothing),
> combined - 0x11d (g723|ulaw|alaw|g726|g729)
> Non-codec capabilities: us - 0x1 (g723), peer - 0x1 (g723), combined -
> 0x1 (g723)
> Looking for *98 in from-internal
> list_route: hop: <sip:105 at 192.168.0.253>
> Transmitting (NAT):
> SIP/2.0 100 Trying
> Via: SIP/2.0/UDP
> 192.168.0.253;branch=z9hG4bK-ec22067b;received=200.93.xxx.xb;rport=5060
> From: Guillermo Salas M <sip:105 at sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:*98 at sip.mydomain.net>;tag=as58095e00
> Call-ID: 636a9064-eba36dcb at 192.168.0.253
> CSeq: 102 INVITE
> User-Agent: Asterisk PBX
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
> Contact: <sip:*98 at 200.93.xxx.xa>
> Content-Length: 0
> 
> 
>  to 200.93.xxx.xb:5060
>     -- Executing Answer("SIP/105-6408", "") in new stack
> We're at 200.93.xxx.xa port 12436
> Video is at 200.93.xxx.xa port 16274
> Answering with preferred capability 0x100 (g729)
> Answering with preferred capability 0x1 (g723)
> Answering with preferred capability 0x2 (gsm)
> Answering with preferred capability 0x10 (g726)
> Answering with preferred capability 0x4 (ulaw)
> Answering with preferred capability 0x8 (alaw)
> Answering with preferred capability 0x40000 (h261)
> Answering with preferred capability 0x80000 (h263)
> Answering with non-codec capability 0x1 (telephone-event)
> Reliably Transmitting (NAT):
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP
> 192.168.0.253;branch=z9hG4bK-ec22067b;received=200.93.xxx.xb;rport=5060
> From: Guillermo Salas M <sip:105 at sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:*98 at sip.mydomain.net>;tag=as58095e00
> Call-ID: 636a9064-eba36dcb at 192.168.0.253
> CSeq: 102 INVITE
> User-Agent: Asterisk PBX
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
> Contact: <sip:*98 at 200.93.xxx.xa>
> Content-Type: application/sdp
> Content-Length: 340
> 
> v=0
> =root 7393 7393 IN IP4 200.93.xxx.xa
> s=session
> c=IN IP4 200.93.xxx.xa
> t=0 0
> m=audio 12436 RTP/AVP 18 4 3 2 0 8 101
> a=rtpmap:18 G729/8000
> a=rtpmap:4 G723/8000
> a=rtpmap:3 GSM/8000
> a=rtpmap:2 G726-32/8000
> a=rtpmap:0 PCMU/8000
> a=rtpmap:8 PCMA/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-16
> a=silenceSupp:off - - - -
> 
>  to 200.93.xxx.xb:5060
>     -- Executing Wait("SIP/105-6408", "1") in new stack
> asterisk*CLI>
> 
> Sip read:
> ACK sip:*98 at 200.93.xxx.xa SIP/2.0
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-ec22067b
> From: Guillermo Salas M <sip:105 at sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:*98 at sip.mydomain.net>;tag=as58095e00
> Call-ID: 636a9064-eba36dcb at 192.168.0.253
> CSeq: 102 ACK
> Max-Forwards: 70
> Proxy-Authorization: Digest
> username="105",realm="asterisk",nonce="47a68adb",uri="sip:*98 at sip.mydomain.n
> et",algorithm=MD5,response="74dd50faa2bb97fdb1a0fe6ce93489de"
> Contact: Guillermo Salas M <sip:105 at 192.168.0.253>
> User-Agent: Sipura/SPA2000-2.0.2
> Content-Length: 0
> 
> 
> 11 headers, 0 lines
>     -- Executing VoiceMailMain("SIP/105-6408", "default") in new stack
>     -- Playing 'vm-login' (language 'es')
> asterisk*CLI>
> 
> Sip read:
> NOTIFY sip:sip.mydomain.net SIP/2.0
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-8ecd1b3e
> From: Guillermo Salas M <sip:105 at sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:sip.mydomain.net>
> Call-ID: a584ba93-53c0013c at 192.168.0.253
> CSeq: 9 NOTIFY
> Max-Forwards: 70
> Event: keep-alive
> User-Agent: Sipura/SPA2000-2.0.2
> Content-Length: 0
> 
> 10 headers, 0 lines
> Transmitting (no NAT):
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-8ecd1b3e
> From: Guillermo Salas M <sip:105 at sip.mydomain.net>;tag=4f2df183b116b70c
> To: <sip:sip.mydomain.net>;tag=as45caf3ff
> Call-ID: a584ba93-53c0013c at 192.168.0.253
> CSeq: 9 NOTIFY
> User-Agent: Asterisk PBX
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER
> Contact:
> Content-Length: 0
> 
> 
>  to 200.93.xxx.xb:5060
> Destroying call 'a584ba93-53c0013c at 192.168.0.253'
>     -- No username but # key pressed. Using CID '105'
>     -- Playing 'vm-password' (language 'es')
>     -- Incorrect password '' for user '105' (context = <any>)
>     -- Playing 'vm-incorrect-mailbox' (language 'es')
> asterisk*CLI>
> 
> Any hint will be very appreciated,
> 
> 
> Regards,
> 
> 
> Guill3rm0
> 
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users

More information about the asterisk-users mailing list