[asterisk-users] Terrible, horrible firewall issues in * to * setup

Lachek Butalek lachek at gmail.com
Fri Nov 24 15:40:58 MST 2006


Correction: those 'secret' lines are of course all supposed to say '777'. :)

On 11/24/06, Lachek Butalek <lachek at gmail.com> wrote:
> Okay, I *think* I got it, but I must be missing something. Here is
> what the files say on the various boxen:
>
> On *1:
>
> [401]
> type=friend
> secret=password
> qualify=yes
> port=4569
> notransfer=yes
> host=dynamic
> dial=IAX/401
> context=from-internal
>
> [601]
> type=friend
> secret=password
> qualify=yes
> port=4569
> notransfer=no
> host=dynamic
> dial=IAX/601
> context=from-internal
>
> On *2:
>
>  iax.conf:
>
> [601]
> type=friend
> disallow=all
> context=from-internal
> canreinvite=yes
> allow=ulaw
>
> [asterisk-1]
> username=601
> type=peer
> secret=777
> qualify=yes
> host=asterisk-1.someplace.net
> disallow=all
> context=from-internal
> canreinvite=yes
> allow=ulaw
>
> register=601:777@asterisk-1.someplace.net
>
> extensions.conf:
>
> [outrt-003-CallA1]
> exten => _4XXX,1,Macro(dialout-trunk,1,${EXTEN:1},,)
> exten => _4XXX,n,Macro(outisbusy,)
>
> So now, of course, I can call from *2 to extension 401 on *1 (by
> dialing 4401) without a problem, but I still cannot seem to call from
> *1 to extensions on *2. It's complaining about there not being a route
> to the given extension, which makes sense I guess. I don't know how to
> create a proper outbound route on *1 to *2 since I don't have a trunk
> to direct it to, just a registration. I'm sure I'm lacking something
> fundamental here - any help would be greatly appreciated.
>
> Thanks!
>
> On 11/24/06, Tim Panton <tim at mexuar.com> wrote:
> >
> > On 22 Nov 2006, at 22:21, Lachek Butalek wrote:
> >
> > > My mission is to get one * box to dial another * box' extensions. I
> > > have set this up previously without any issues by making a simple IAX
> > > trunk/extension pair on the two boxes and creating a dial plan with a
> > > prefix like 9|XXX to select an extension on the other box.
> > >
> > > My problem is that I now have to do this with extremely restrictive
> > > firewalls thrown into the mix - firewalls I have no control over.
> > > Basically, the setup is:
> > >
> > > *1 <---> FW1 <---> (Internet) <---> FW2 <---> FW3 <---> *2
> > >
> > > I have control over firewall 1 and 3, but not 2. Using port forwarding
> > > (4569 UDP) on FW1, I have been able to make calls from *2 to *1. My
> > > problem lies with making calls the other way, as I have no way of port
> > > forwarding on FW2.
> >
> > If FW2 and FW3 permit outbound UDP and associated replies you won't
> > need to.
> > (even if they NAT them).
> >
> > Set up 4569 on FW1 to go to *1
> > Add *2 as a peer (and user) in iax.conf on *1
> > Do _nothing_ with FW3
> > Set up *2 to _register_ with *1
> >
> > The repeated registration from 2 to 1 will keep any
> > NATs and port maps open and tell 1 how to reach 2.
> >
> > (IAX is great)
> >
> > Tim.
>
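
Tim's four steps written out as configuration for both boxes, as an added example that is not part of the original thread. The context names, the `6` dial prefix, the `username=asterisk-1` setting and the secret placeholder are assumptions; the peer name `601` and the hostname come from the posted files.

```ini
; ---- *1 (public side, UDP 4569 forwarded on FW1): iax.conf ----
[601]
type=friend
host=dynamic              ; address and port are learned from *2's registration
secret=LONG_RANDOM_SECRET ; placeholder; must match *2's register line
username=asterisk-1       ; assumed name *1 presents when it calls *2
qualify=yes               ; regular pokes keep the NAT mapping in use
context=from-asterisk-2   ; assumed context, limited to what *2 may dial

; ---- *1: extensions.conf ----
[from-internal]
; assumed prefix 6: dialing 6601 sends 601 to the registered peer "601",
; so no separate trunk is needed, only the registration
exten => _6XXX,1,Dial(IAX2/601/${EXTEN:1})

; ---- *2 (behind FW2/FW3, no port forwarding): iax.conf ----
[general]
register => 601:LONG_RANDOM_SECRET@asterisk-1.someplace.net

[asterisk-1]
type=friend               ; friend, so calls arriving from *1 can authenticate
host=asterisk-1.someplace.net
username=601              ; name *2 presents when it calls *1
secret=LONG_RANDOM_SECRET
qualify=yes
disallow=all
allow=ulaw
context=from-asterisk-1   ; assumed context, limited to *2's local extensions
```

Giving each direction its own narrow context and a long shared secret matters here because UDP 4569 on *1 is reachable from the Internet.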

