[asterisk-users] Outgoing Calls Only -- Firewall Rules

Max McGraw max.mcgraw at gmail.com
Sun Jan 3 22:29:35 CST 2010


 Nicholas,

 you haven't specified which version, which does make
 a lot of difference.

 1.6.x  can easily traverse NAT. If you are only making
 outbound calls, you shouldn't need to forward 5060.

 Unless you have a special NAT that is blocking
 outbound connections, the  SIP.conf  settings below
 should work whether your provider uses SIP
 registrations or not. My codec related settings may
 not be applicable to your installation :

 ; -------------------------------------
 [general]
 dtmfmode=rfc2833
 relaxdtmf=yess
 bandwidth=high
 disallow=all
 allow=ulaw
 ;
 ;   NAT stuff
 ;
 localnet=192.168.x.0/255.255.255.0
 externip=a.b.c.d:5060
 nat=yes
 ;
 ;   Media stuff
 ;
 canreinvite=no
 ;
 ;
 [your-voip-provider-para]
 ;
 context=default
 type=friend
 ;
 ;  your provider's outbound gateway
 ;
 host=w.x.y.z
 ;
 dtmfmode=rfc2833
 relaxdtmf=yess
 disallow=all
 allow=ulaw
 ;
 ; -------------------------------------


  On Sun, Jan 3, 2010,   Nicholas Blasgen    wrote:

> I'm trying to move my Asterisk deployments under a Virtual IP address and
> now remember why I dislike this.  My primary Asterisk system is now behind a
> firewall in private address space.  My question is what ports are needed to
> be opened just for the purpose of placing outgoing calls.  I would have
> assumed none, but I can't even get replies on registration from any of my 3
> VoIP providers.  I tried defining the External IP and some other stuff, but
> I assume it's fully an issue with the firewall.  Do I really need 5060 port
> forwarded just to register with remote hosts?
>
> Nicholas Blasgen
> Partner / Network Operations
> Refractive Dialer LLC
> (724) 252-7436
>
> __________________________________



More information about the asterisk-users mailing list