Asterisk 1.4.29 or so.<br><br>access-list _dmz_acl extended permit udp 10.129.42.0 255.255.255.0 any range 10000 20000<br>access-list _dmz_acl extended permit udp 10.129.42.0 255.255.255.0 any eq 5060<br><br>But yes, all your feedback worked. I didn't need to port-forward any incoming ports, only 5060/10000-20000 for outgoing UDP. The only issue I'm now having is:<br>
<br><--- SIP read from 66.227.100.20:5060 ---><br>SIP/2.0 200 OK<br>Via: SIP/2.0/UDP 209.34.93.68:5060;branch=z9hG4bK3eb38bde;rport=51566<br>....<br>Warning: 392 66.227.100.20:5060 "Noisy feedback tells: pid=9611 req_src_ip=209.34.93.68 req_src_port=51566 in_uri=sip:sip.jnctn.net out_uri=sip:sip.jnctn.net via_cnt==1"<br clear="all">
<br>209.34.93.68 is my IP, 209.34.93.68 is Junction Networks (for this example). I also get it from my backbone providers as well so it's likely something to do with that 51566 req_src_port thing. Any idea what this is and how to configure it to a restricted range of IP addresses?<br>
<br>Nicholas Blasgen<br>Partner / Network Operations<br>Refractive Dialer LLC<br>(724) 252-7436<br>
<br><br><div class="gmail_quote">On Sun, Jan 3, 2010 at 8:29 PM, Max McGraw <span dir="ltr"><<a href="mailto:max.mcgraw@gmail.com">max.mcgraw@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Nicholas,<br>
<br>
you haven't specified which version, which does make<br>
a lot of difference.<br>
<br>
1.6.x can easily traverse NAT. If you are only making<br>
outbound calls, you shouldn't need to forward 5060.<br>
<br>
Unless you have a special NAT that is blocking<br>
outbound connections, the SIP.conf settings below<br>
should work whether your provider uses SIP<br>
registrations or not. My codec related settings may<br>
not be applicable to your installation:<br>
<br>
; -------------------------------------<br>
[general]<br>
dtmfmode=rfc2833<br>
relaxdtmf=yes<br>
bandwidth=high<br>
disallow=all<br>
allow=ulaw<br>
;<br>
; NAT stuff<br>
;<br>
localnet=192.168.x.0/255.255.255.0<br>
externip=a.b.c.d:5060<br>
nat=yes<br>
;<br>
; Media stuff<br>
;<br>
canreinvite=no<br>
;<br>
;<br>
[your-voip-provider-para]<br>
;<br>
context=default<br>
type=friend<br>
;<br>
; your provider's outbound gateway<br>
;<br>
host=w.x.y.z<br>
;<br>
dtmfmode=rfc2833<br>
relaxdtmf=yes<br>
disallow=all<br>
allow=ulaw<br>
;<br>
; -------------------------------------<br>
<div><div></div><div class="h5"><br>
<br>
On Sun, Jan 3, 2010, Nicholas Blasgen wrote:<br>
<br>
> I'm trying to move my Asterisk deployments under a Virtual IP address and<br>
> now remember why I dislike this. My primary Asterisk system is now behind a<br>
> firewall in private address space. My question is what ports are needed to<br>
> be opened just for the purpose of placing outgoing calls. I would have<br>
> assumed none, but I can't even get replies on registration from any of my 3<br>
> VoIP providers. I tried defining the External IP and some other stuff, but<br>
> I assume it's fully an issue with the firewall. Do I really need 5060 port<br>
> forwarded just to register with remote hosts?<br>
><br>
> Nicholas Blasgen<br>
> Partner / Network Operations<br>
> Refractive Dialer LLC<br>
> (724) 252-7436<br>
><br>
</div></div>> __________________________________<br>
<div><div></div><div class="h5"><br>
</div></div></blockquote></div><br>
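As an added illustration (not part of the original thread), the Python below reads the top Via header of the 200 OK quoted above and compares the advertised sent-by port with the `rport` value, which under RFC 3581 is the source port the responding server saw. The sample message is rebuilt from the two header lines in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: the two header lines shown in the post's SIP trace.
SAMPLE_RESPONSE = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/UDP 209.34.93.68:5060;branch=z9hG4bK3eb38bde;rport=51566\r\n"
    'Warning: 392 66.227.100.20:5060 "Noisy feedback tells: pid=9611 '
    "req_src_ip=209.34.93.68 req_src_port=51566 in_uri=sip:sip.jnctn.net "
    'out_uri=sip:sip.jnctn.net via_cnt==1"\r\n'
    "\r\n"
)

VIA_RE = re.compile(r"^Via:\s*SIP/2\.0/\w+\s+([^;:\s]+)(?::(\d+))?(.*)$", re.I | re.M)


def parse_top_via(message):
    """Return sent-by host/port and the rport/received params of the top Via."""
    m = VIA_RE.search(message)
    if m is None:
        raise ValueError("no Via header found")
    host, port, rest = m.groups()
    params = {}
    for item in rest.strip().split(";"):
        if item:
            key, _, value = item.partition("=")
            params[key.strip().lower()] = value.strip()
    return {
        "sent_by_host": host,
        "sent_by_port": int(port) if port else 5060,  # 5060 is the SIP default
        "rport": int(params["rport"]) if params.get("rport") else None,
        "received": params.get("received"),
    }


def nat_rewrite(message):
    """Describe how the path changed the request's source address, if at all."""
    via = parse_top_via(message)
    seen_host = via["received"] or via["sent_by_host"]
    seen_port = via["rport"] if via["rport"] is not None else via["sent_by_port"]
    return {
        "advertised": (via["sent_by_host"], via["sent_by_port"]),
        "seen_by_server": (seen_host, seen_port),
        "port_rewritten": seen_port != via["sent_by_port"],
        "address_rewritten": seen_host != via["sent_by_host"],
    }


if __name__ == "__main__":
    print(nat_rewrite(SAMPLE_RESPONSE))
```

For the trace in the post this reports that the address is unchanged while the port differs (5060 advertised, 51566 seen), the same value that appears as `req_src_port` in the Warning header.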