Thanks
Still need a config for the RB.
-----Original Message-----
From: Adam Moffett
Sent: Monday, June 24, 2019 6:29 PM
To: af@af.afmug.com
Subject: Re: [AFMUG] Gonna need some help please.
It can work behind NAT....I'm doing it.
As I recall, I forwarded ports 5060-5070 and 10,000-15,000.
In Asterisk config I had to
* limit Asterisk to using those ports
* specify the real WAN IP so that gets included in SIP messages
* specify the LAN IP's so Asterisk knows when to use it's NAT hacks
* probably canreinvite=no and nat=yes on SIP peers
I didn't do anything on the router other than the port forwarding. You
probably don't need 5,000 RTP ports....but you're probably also not
using them for anything else so it's not going to hurt. This isn't
going to be fiddling with your router config much, it's going to be
mostly fiddling with Asterisk.
Oh, I guess I did add some rules in the Mikrotik to automatically
blacklist IP's that generate too many Auth failure messages on SIP
ports. That keeps the Asterisk logs uncluttered, but isn't strictly
necessary.
-Adam
On 6/24/2019 8:10 PM, Forrest Christian (List Account) wrote:
What are the symptoms?
Are you getting call setup requests but no audio, etc?
setting nat=yes and canreinvite=no fixes a lot of these, at the
expense of having to have all of the call audio going through the
asterisk box. Be aware that this suggestion might be dated since I
haven't dealt with an astersisk setup for quite some time (mine just
keeps chugging along wiht little maintenance).
On Mon, Jun 24, 2019 at 5:34 PM <ch...@wbmfg.com> wrote:
I have an asterisk system speaking to my SIP provider. One end or the
other (or both) do not tolerate NAT. We for years we have had a Static
for the SIP trunks. And a mix of other statics and DHCP circuits for
everything else we do. So coming from the ONT we first hit a switch and
then off to Asterisk, other servers and a RB router.
I am now switching to a /29 for everything. So the ONT ethernet will
first hit a RB2011 iL-IN (assuming it is capable of doing what we need)
and then go to our various other servers as well as the Asterisk system.
I am not a router guy. I took exactly one Cisco router class probably
back in 2003. I may have upgraded one Cisco router once back when you
could buy one license but apply it to multiple devices. Not sure if they
plugged that hole, I imagine they did.
This sounds like it should be trivial. I hope it is trivial. But I
would rather have the borg take a look at it before I start to try to
download the RB manual and go into my autodidactical mode. Too old for
this crap.
76.76.254.48/29 routed to 76.76.252.68
WAN IP: 76.76.252.68
Subnet: 255.255.255.0
Gateway: 76.76.252.1
Routed subnet info:
76.76.254.48/29
subnet mask: 255.255.255.248
available IP's: 76.76.254.49-54
--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
