[asterisk-users] Terrible, horrible firewall issues in * to * setup

Lachek Butalek lachek at gmail.com
Fri Nov 24 15:40:05 MST 2006


Okay, I *think* I got it, but I must be missing something. Here is
what the files say on the various boxen:

On *1:

[401]
type=friend
secret=password
qualify=yes
port=4569
notransfer=yes
host=dynamic
dial=IAX/401
context=from-internal

[601]
type=friend
secret=password
qualify=yes
port=4569
notransfer=no
host=dynamic
dial=IAX/601
context=from-internal

On *2:

 iax.conf:

[601]
type=friend
disallow=all
context=from-internal
canreinvite=yes
allow=ulaw

[asterisk-1]
username=601
type=peer
secret=777
qualify=yes
host=asterisk-1.someplace.net
disallow=all
context=from-internal
canreinvite=yes
allow=ulaw

register=601:777@asterisk-1.someplace.net

extensions.conf:

[outrt-003-CallA1]
exten => _4XXX,1,Macro(dialout-trunk,1,${EXTEN:1},,)
exten => _4XXX,n,Macro(outisbusy,)

So now, of course, I can call from *2 to extension 401 on *1 (by
dialing 4401) without a problem, but I still cannot seem to call from
*1 to extensions on *2. It's complaining about there not being a route
to the given extension, which makes sense I guess. I don't know how to
create a proper outbound route on *1 to *2 since I don't have a trunk
to direct it to, just a registration. I'm sure I'm lacking something
fundamental here - any help would be greatly appreciated.

Thanks!

On 11/24/06, Tim Panton <tim at mexuar.com> wrote:
>
> On 22 Nov 2006, at 22:21, Lachek Butalek wrote:
>
> > My mission is to get one * box to dial another * box's extensions. I
> > have set this up previously without any issues by making a simple IAX
> > trunk/extension pair on the two boxes and creating a dial plan with a
> > prefix like 9|XXX to select an extension on the other box.
> >
> > My problem is that I now have to do this with extremely restrictive
> > firewalls thrown into the mix - firewalls I have no control over.
> > Basically, the setup is:
> >
> > *1 <---> FW1 <---> (Internet) <---> FW2 <---> FW3 <---> *2
> >
> > I have control over firewall 1 and 3, but not 2. Using port forwarding
> > (4569 UDP) on FW1, I have been able to make calls from *2 to *1. My
> > problem lies with making calls the other way, as I have no way of port
> > forwarding on FW2.
>
> If FW2 and FW3 permit outbound UDP and associated replies you won't
> need to.
> (even if they NAT them).
>
> Set up 4569 on FW1 to go to *1
> Add *2 as a peer (and user) in iax.conf on *1
> Do _nothing_ with FW3
> Set up *2 to _register_ with *1
>
> The repeated registration from 2 to 1 will keep any
> NATs and port maps open and tell 1 how to reach 2.
>
> (IAX is great)
>
> Tim.
>
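
An added example, not part of the original thread and not Asterisk's own code: a small Python check of the precondition behind the advice quoted above, namely that the register line on *2 has to match a host=dynamic peer or friend stanza on *1 before *1 can learn how to reach *2. The sample text is the [601] stanza and register line from the post; the function and variable names are made up for this example.

```python
import re

# Stanzas from the post above, reduced to the keys this check reads.
# The list archive's " at " in the register line is written back as "@".
STAR1_IAX = """
[601]
type=friend
secret=password
host=dynamic
"""
STAR2_IAX = """
[asterisk-1]
host=asterisk-1.someplace.net
register=601:777@asterisk-1.someplace.net
"""

def parse_iax(text):
    """Return (sections, register_lines) parsed from iax.conf-style text."""
    sections, registers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line:
            key, _, value = line.partition("=")
            key, value = key.strip(), value.lstrip(">").strip()  # '=' or '=>'
            m = re.fullmatch(r"([^:@]+)(?::([^@]*))?@(\S+)", value)
            if key == "register" and m:
                registers.append({"user": m[1], "secret": m[2] or "", "host": m[3]})
            elif current is not None:
                current[key] = value
    return sections, registers

def check_registration(registrar_conf, client_conf):
    """Reasons the client's register line cannot bind to a dynamic peer on the registrar."""
    peers, regs = parse_iax(registrar_conf)[0], parse_iax(client_conf)[1]
    problems = [] if regs else ["client has no register line"]
    for reg in regs:
        peer, tag = peers.get(reg["user"]), f"[{reg['user']}]"
        if peer is None:
            problems.append(f"registrar has no {tag} section")
        elif peer.get("type") not in ("peer", "friend"):
            problems.append(f"{tag} is not type=peer or type=friend")
        elif peer.get("host") != "dynamic":
            problems.append(f"{tag} is not host=dynamic")
        elif peer.get("secret", "") != reg["secret"]:   # never echo the secrets
            problems.append(f"{tag} secret differs from register line")
    return problems

print(check_registration(STAR1_IAX, STAR2_IAX))
```

Run on the stanzas as posted, it reports that the [601] secret on *1 differs from the secret in the register line on *2; the post does not say whether those values were redacted before posting.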

