[asterisk-users] Terrible, horrible firewall issues in * to * setup

Tim Panton tim at mexuar.com
Sun Nov 26 08:02:31 MST 2006


On 24 Nov 2006, at 22:40, Lachek Butalek wrote:

> Okay, I *think* I got it, but I must be missing something. Here is
> what the files say on the various boxen:
>
> On *1:
>
> [401]
> type=friend
> secret=password
> qualify=yes
> port=4569
> notransfer=yes
> host=dynamic
> dial=IAX/401
> context=from-internal
>
> [601]
> type=friend
> secret=password
> qualify=yes
> port=4569
> notransfer=no
> host=dynamic
> dial=IAX/601
> context=from-internal
>
> On *2:
>
> iax.conf:
>
> [601]
> type=friend
> disallow=all
> context=from-internal
> canreinvite=yes
> allow=ulaw
>
> [asterisk-1]
> username=601
> type=peer
> secret=777
> qualify=yes
> host=asterisk-1.someplace.net
> disallow=all
> context=from-internal
> canreinvite=yes
> allow=ulaw
>
> register=601:777 at asterisk-1.someplace.net
>
> extensions.conf:
>
> [outrt-003-CallA1]
> exten => _4XXX,1,Macro(dialout-trunk,1,${EXTEN:1},,)
> exten => _4XXX,n,Macro(outisbusy,)
>
> So now, of course, I can call from *2 to extension 401 on *1 (by
> dialing 4401) without a problem, but I still cannot seem to call from
> *1 to extensions on *2. It's complaining about there not being a route
> to the given extension, which makes sense I guess. I don't know how to
> create a proper outbound route on *1 to *2 since I don't have a trunk
> to direct it to, just a registration. I'm sure I'm lacking something
> fundamental here - any help would be greatly appreciated.

I'm not exactly sure which lines of the above come from which  
machine....
but I think you have it right.....

Check that running:

iax2 show peers

on *1 gives you an entry for 601 (i.e. *2)

if it does, all you should need is :

exten => _4XXX,1,dial(iax2/601/${EXTEN:1})

(The trick being that you can put a peer entry name
into the iax2 dial string to _represent_ a dynamic host+port)

Also,  get rid of the port=4569
settings on the individual iax.conf entries
it is the default and it won't be right if one of your
firewalls does port mapping...

Tim Panton

www.mexuar.net
www.westhawk.co.uk/





More information about the asterisk-users mailing list