[asterisk-users] SJphone behind NAT/Firewall without sound

Amit Nagpal anagpal at velankani.com
Fri Apr 4 12:33:19 CDT 2008


Hi,

I re-created your setup locally - even ran your script to setup NAT

192.168.12.2 (SJPhone) <----> 192.168.12.1 (NAT-1) 
                                           |
 -------------(nat box)--------------------
|
(NAT-1) 10.0.15.101  <---> 10.0.15.102 Asterisk

And another client (Xlite) behind a separate NAT.

I made a call from SJPhone to XLite and vice versa - I am getting
Audio in both directions.

I used SJPhone 1.65 on Windows, and Asterisk 1.4.17.

Your problem lies somewhere else. Your script looks just fine.

Regards,
Amit.

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of kazabe
Sent: Friday, April 04, 2008 9:36 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] SJphone behind NAT/Firewall without sound

No. I dont manage the asterisk server.  I just manage my
proxy/firewall, and i need to my users can connect to that server.
The asterisk server is of another company.  But the laptop users can
connect without problem to that server, from any place, except from my
LAN.

This is my scenarie:

LAN-----FW/PROXY------INTERNET--------ASTERISK-SRV

thanks in advance

2008/4/4, Amit Nagpal <anagpal at velankani.com>:
> Is the Asterisk server yours? I am trying to figure out if Asterisk is in
>  your control and if it could be a problem at Asterisk, rather than your
>  SJPhone or your script, because I don't see any glaring problems in the
>  script.
>
>  Regards,
>  Amit.
>
>
>  -----Original Message-----
>  From: asterisk-users-bounces at lists.digium.com
>  [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of kazabe
>  Sent: Friday, April 04, 2008 9:00 AM
>  To: asterisk-users at lists.digium.com
>  Subject: [asterisk-users] SJphone behind NAT/Firewall without sound
>
>  Hi.
>
>  I need connect some LAN stations with SJphone to an Asterisk Server
>  published on Internet.
>
>  My Lan Clients access to Internet using a small linux firewall/proxy
>  server.  I use the next firewall script.  That is a simple script with
>  default policy ACCEPT, and NAT to share Internet.    I can connect to
>  the asterisk server, authtenticate the users in the server, and dial
>  to any extension,  but we can ear any sound.    I need some additional
>  rules in my script?
>
>  Thanks in advance
>
>  #!/bin/bash
>  IPTABLES=/sbin/iptables
>  EXT="eth0"
>  INT="eth1"
>  case "$1" in
>         start)
>                 echo "1" > /proc/sys/net/ipv4/ip_forward
>                 $IPTABLES -F INPUT
>                 $IPTABLES -F OUTPUT
>                 $IPTABLES -F FORWARD
>                 $IPTABLES -F
>                 $IPTABLES -t nat -F
>                 $IPTABLES -t nat -A POSTROUTING -s 192.168.12.0/24 -d
>  0.0.0.0/0 -o
>  $EXT -j MASQUERADE
>                 $IPTABLES -t nat -A PREROUTING -p TCP -s 192.168.12.0/24
>  --dport 80
>  -d -j REDIRECT --to-port 3128
>                 $IPTABLES -A INPUT -i $EXT -p ICMP -j ACCEPT
>                 $IPTABLES -A INPUT -i $EXT -p TCP --dport 22 -m state
>  --state NEW -j ACCEPT
>                 $IPTABLES -A INPUT -i $EXT -p TCP --dport 443 -m state
>  --state NEW -j ACCEPT
>                 $IPTABLES -A INPUT -i $EXT -p TCP --dport 80 -m state
>  --state NEW -j ACCEPT
>                 $IPTABLES -A INPUT -p TCP -m state --state RELATED -j
ACCEPT
>                 $IPTABLES -A INPUT -i $EXT -m state --state NEW,INVALID -j
>  DROP
>                 $IPTABLES -A FORWARD -i $EXT -m state --state NEW,INVALID
-j
>  DROP
>                 ;;
>         stop)
>                 $IPTABLES -F INPUT
>                 $IPTABLES -F OUTPUT
>                 $IPTABLES -F FORWARD
>                 $IPTABLES -F
>                 $IPTABLES -t nat -F
>                         ;;
>         restart)
>                         $0 stop
>                         sleep 2
>                         $0 start
>                 ;;
>         status)
>                 $IPTABLES -L
>                 $IPTABLES --table nat --list --exact --verbose --numeric
>  --line-numbers
>                 ;;
>         *)
>                 echo "Usage: $0 {start|stop|restart|status}"
>                 exit 1
>  esac
>  exit 0
>
>  --
>  "Imagination is more important than knowlege"
>  A.E.
>
>
> _______________________________________________
>  -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
>  asterisk-users mailing list
>  To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
>  _______________________________________________
>  -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
>  asterisk-users mailing list
>  To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>


-- 
"Imagination is more important than knowlege"
A.E.

_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users





More information about the asterisk-users mailing list