[asterisk-users] Outgoing Calls Only -- Firewall Rules

C F shmaltz at gmail.com
Sun Jan 3 20:25:02 CST 2010


On Sun, Jan 3, 2010 at 9:14 PM, Nicholas Blasgen
<nicholas at refractivedialer.com> wrote:
> I'm trying to move my Asterisk deployments under a Virtual IP address and
> now remember why I dislike this.  My primary Asterisk system is now behind a
> firewall in private address space.  My question is what ports are needed to
> be opened just for the purpose of placing outgoing calls.  I would have
> assumed none, but I can't even get replies on registration from any of my 3
> VoIP providers.  I tried defining the External IP and some other stuff, but
> I assume it's fully an issue with the firewall.  Do I really need 5060 port
> forwarded just to register with remote hosts?

Each NAT device likes it differently.

I usually do the following:
1. Forward udp:5060 (SIP)
2. Forward udp:10000-20000 (RTP)
3. Setup sip.conf so that asterisk knows it's behind nat (externalip,
localnet and sip=yes)

Depending on how fancy your device is, I usually have to turn off all
app level stuff meant for sip. Linksys calls it ALG, Sonicwall
something else etc.

I haven't played with 1.4 or 1.6 yet, only 1.2 so I am not really sure
what needs to be done on the other versions, but I'm assuming it's all
the same.


>
> Nicholas Blasgen
> Partner / Network Operations
> Refractive Dialer LLC
> (724) 252-7436
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>



More information about the asterisk-users mailing list