<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2><PRE>I struggled with this for several hours tonight.</PRE><PRE>Turns out that if you have an * machine behind NAT, you must put the PUBLIC address in the bindaddr in sip.conf</PRE><PRE>If you don't put it in, the Contact: header contains the NATted address and the sip phone can't get back to *.</PRE><PRE>I don't know what happens if you mix and match sip phones on the local network -- it might not work unless the sip</PRE><PRE>phone uses the public address as well.</PRE><PRE> </PRE><PRE>Hope this helps as I see this thread come up again and again...</PRE><PRE> </PRE><PRE>Andy</PRE><PRE> </PRE><PRE>-------------------</PRE><PRE>Steve,
Sure, I could put all my machines on the public Internet, but that defeats the
purpose of having a firewall in the first place.
As an alternative, I could only place the * server on the outside, but I'd
rather not give the script-kiddies another box to pound.
Steve Totaro wrote:
><I> Can you disable your firewall? i am about to start this phase of asterisk
</I>><I> an would like help from one newbie to another. otherwise this newbie will
</I>><I> let you know how i did it.
</I>><I>
</I>><I>
</I>><I> ----- Original Message -----
</I>><I> From: "Brad Waite" <<A href="mailto:brad@wcubed.net">brad@wcubed.net</A>>
</I>><I> To: <<A href="mailto:asterisk-users@lists.digium.com">asterisk-users@lists.digium.com</A>>
</I>><I> Sent: Saturday, September 20, 2003 9:07 AM
</I>><I> Subject: [Asterisk-Users] Maximum retries exceeded w/SIP
</I>><I>
</I>><I>
</I>><I>
</I>>><I>First of all, I'd like to send a big "thank you" to all the folks who have
</I>>><I>helped me get this far.
</I>>><I>
</I>>><I>Now on to the next problem. Here's my current network setup:
</I>>><I>
</I>>><I>
</I>>><I>The Big I ---+--- FreeBSD FW --- * (10.0.0.253) ---- PC (10.0.0.1)
</I>>><I> |
</I>>><I> +--- Laptop (public IP)
</I>>><I>
</I>>><I>natd is set up with the following rules:
</I>>><I>
</I>>><I>redirect_port udp 10.0.0.253:10000-20000 10000-20000
</I>>><I>redirect_port udp 10.0.0.253:5060 5060
</I>>><I>
</I>>><I>* is set up with the demo/sandbox config.
</I>>><I>
</I>>><I>I'm using XLite as my SIP client and have configured it on PC to work with
</I>><I>
</I>><I> *.
</I>><I>
</I>>><I>I'm able to do everything I've tried so far. I should, though - I'm on
</I>><I>
</I>><I> the inside.
</I>><I>
</I>>><I>However, when trying to make a call from the outside (via Laptop),
</I>><I>
</I>><I> something's
</I>><I>
</I>>><I>breaking. I've set up the SIP proxy in XLite to be the external interface
</I>><I>
</I>><I> on
</I>><I>
</I>>><I>the firewall, and am able to log into the proxy without difficulty. And
</I>><I>
</I>><I> while I
</I>><I>
</I>>><I>can begin conversations, I can't keep them going for long.
</I>>><I>
</I>>><I>For instance, when trying to call <A href="mailto:500@10.0.0.253">500@10.0.0.253</A> (or <A href="mailto:500@FWpublicIP">500@FWpublicIP</A>), I
</I>><I>
</I>><I> get most
</I>><I>
</I>>><I>of the "demo-abouttotry" message - "I am about to attempt an IAX
</I>><I>
</I>><I> connection to a
</I>><I>
</I>>><I>demonstration server located at Di" - at which point it gets cut off. The
</I>>><I>console spits out the following error:
</I>>><I>
</I>>><I>File chan_sip.c, Line 443 (retrans_pkt): Maximum retries exceeded on call
</I>>><I><A href="mailto:FB9CEC48-7CE1-4171-895B-2DF048ED5D1F@12.252.156.250">FB9CEC48-7CE1-4171-895B-2DF048ED5D1F@12.252.156.250</A> for seqno 12384
</I>><I>
</I>><I> (Response)
</I>><I>
</I>>><I>
</I>>><I>Any ideas what could be going on? My first guess is the firewall, but I
</I>><I>
</I>><I> can't
</I>><I>
</I>>><I>figure out why some of the packets would get through while others
</I>><I>
</I>><I> apparently are
</I>><I>
</I>>><I>not. I'm at a loss.
</I>>><I>
</I>>><I>Brad Waite
</I>>><I>aka HankPoacher
</I>>><I>
</I>>><I>_______________________________________________
</I>>><I>Asterisk-Users mailing list
</I>>><I><A href="mailto:Asterisk-Users@lists.digium.com">Asterisk-Users@lists.digium.com</A>
</I>>><I><A href="http://lists.digium.com/mailman/listinfo/asterisk-users">http://lists.digium.com/mailman/listinfo/asterisk-users</A>
</I>>><I>
</I>><I>
</I>><I>
</I>><I> _______________________________________________
</I>><I> Asterisk-Users mailing list
</I>><I> <A href="mailto:Asterisk-Users@lists.digium.com">Asterisk-Users@lists.digium.com</A>
</I>><I> <A href="http://lists.digium.com/mailman/listinfo/asterisk-users">http://lists.digium.com/mailman/listinfo/asterisk-users</A>
</I>><I>
</I>
</PRE><!--endarticle--></FONT></DIV></BODY></HTML>