Carlos, Thank you for your fast response :) , this is the output of iptables -nL on my linux box:
[EMAIL PROTECTED]:/home/guillermo # iptables -nL Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- 192.168.0.0/24 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 192.168.0.0/24 Chain OUTPUT (policy ACCEPT) target prot opt source destination [EMAIL PROTECTED]:/home/guillermo # iptables -nL -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- 192.168.0.0/24 0.0.0.0/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination This is my very-small and simple firewall script: [EMAIL PROTECTED]:/home/guillermo # cat /etc/init.d/firewall # Cargar Modulos modprobe ip_tables modprobe ip_nat_ftp modprobe ip_conntrack_ftp modprobe ip_nat_irc modprobe ip_conntrack_irc # Habilitar el forward echo 1 > /proc/sys/net/ipv4/ip_forward # Flush iptables -X iptables -F iptables -X -t nat iptables -F -t nat # Habilitar nat para 192.168.0.0/24 iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE # Permitir el forward para 192.168.0.0/24 iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT # EOF On Sat, 2005-07-02 at 16:39 -0400, Carlos Alperin wrote: > Guillermo, > > This is an issue with your router. Do you have open the ports 5060 for SIP? > Also, RTP needs to be open from 16384 to 32767. > > Saludos, > > Carlos Alperin > Senior System Engineer > Seneca Communications, LLC > [EMAIL PROTECTED] > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Guillermo > Salas M > Sent: Saturday, July 02, 2005 4:13 PM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: [Asterisk-Users] Sipura SPA2000 behind NAT > > Hi, I've one Sipura SPA2000 at home behind a linuxbox with two network > adapters (eth0 for WAN and eth1 for LAN) doing NAT/DHCP: > > > ___________ HOME _______________ ____OFFICE ____ > SPA2000 <---> Linux Box <--> Asterisk Box > 192.168.0.253 192.168.0.1 eth1 200.93.xxx.a > 200.93.xxx.b eth0 > > My problem is when I try to call to any trunk or extention I can the > audio when the destination is ringing, but I can hear the voice of the > person when it reponds. The person in the other side can hear me, but I > can not hear anything from him. I can not hear the voice prompts for the > voicemail (*98) or the operator voice, but can leave voice messages to > other SIP devices and they can hear my messages. > > This is my sip.conf > [105] > username=105 > type=friend > secret=105 > qualify=no > port=5060 > nat=yes > [EMAIL PROTECTED] > host=dynamic > dtmfmode=rfc2833 > context=from-internal > canreinvite=no > callerid="Guilllermo Salas HOME" <105> > > My ext on line 1 of the Sipura is 105, and is registred with the * box: > -- Registered SIP '105' at 200.93.220.27 port 5060 expires 3600 > > asterisk*CLI> sip show peer 105 > asterisk*CLI> > > * Name : 105 > Secret : <Set> > MD5Secret : <Not set> > Context : from-internal > Language : es > FromUser : > FromDomain : > Callgroup : (0) > Pickupgroup : (0) > Mailbox : [EMAIL PROTECTED] > LastMsgsSent : 2 > Dynamic : Yes > Expire : 4 > Expiry : 900 > Insecure : No > Nat : Always > ACL : No > CanReinvite : No > PromiscRedir : No > DTMFmode : rfc2833 > LastMsg : 0 > ToHost : > Addr->IP : 200.93.xxx.xb Port 5060 > Defaddr->IP : 0.0.0.0 Port 5060 > Username : 105 > Codecs : 0xc011f (g723|gsm|ulaw|alaw|g726|g729|h261|h263) > Codec Order : (g729|g723|gsm|g726|ulaw|alaw|h261|h263) > Status : UNKNOWN > Useragent : > Full Contact : sip:[EMAIL PROTECTED]:5060 > > And this is the output of sip debug peer 105 when I call to *98 (for > voice messages): > > asterisk*CLI> sip debug peer 105 > SIP Debugging Enabled for IP: 200.93.xxx.xb:5060 > > Sip read: > NOTIFY sip:sip.mydomain.net SIP/2.0 > Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-67ea7370 > From: Guillermo Salas M <sip:[EMAIL PROTECTED]>;tag=4f2df183b116b70c > To: <sip:sip.mydomain.net> > Call-ID: [EMAIL PROTECTED] > CSeq: 4 NOTIFY > Max-Forwards: 70 > Event: keep-alive > User-Agent: Sipura/SPA2000-2.0.2 > Content-Length: 0 > > > 10 headers, 0 lines > Transmitting (no NAT): > SIP/2.0 200 OK > Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-67ea7370 > From: Guillermo Salas M <sip:[EMAIL PROTECTED]>;tag=4f2df183b116b70c > To: <sip:sip.mydomain.net>;tag=as038653dd > Call-ID: [EMAIL PROTECTED] > CSeq: 4 NOTIFY > User-Agent: Asterisk PBX > Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER > Contact: > Content-Length: 0 > > > to 200.93.xxx.xb:5060 > Destroying call '[EMAIL PROTECTED]' > > asterisk*CLI> > > Sip read: > NOTIFY sip:sip.mydomain.net SIP/2.0 > Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-d386a279 > From: Guillermo Salas M <sip:[EMAIL PROTECTED]>;tag=4f2df183b116b70c > To: <sip:sip.mydomain.net> > Call-ID: [EMAIL PROTECTED] > CSeq: 6 NOTIFY > Max-Forwards: 70 > Event: keep-alive > User-Agent: Sipura/SPA2000-2.0.2 > Content-Length: 0 > > > 10 headers, 0 lines > Transmitting (no NAT): > SIP/2.0 200 OK > Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-d386a279 > From: Guillermo Salas M <sip:[EMAIL PROTECTED]>;tag=4f2df183b116b70c > To: <sip:sip.mydomain.net>;tag=as5099fa8f > Call-ID: [EMAIL PROTECTED] > CSeq: 6 NOTIFY > User-Agent: Asterisk PBX > Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER > Contact: > Content-Length: 0 > > > to 200.93.xxx.xb:5060 > Destroying call '[EMAIL PROTECTED]' > asterisk*CLI> > > > I dial *98 to get into the voice message system: > > asterisk*CLI> > > Sip read: > ACK sip:[EMAIL PROTECTED] SIP/2.0 > Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-600583f3 > From: Guillermo Salas M <sip:[EMAIL PROTECTED]>;tag=4f2df183b116b70c > To: <sip:[EMAIL PROTECTED]>;tag=as65eec750 > Call-ID: [EMAIL PROTECTED] > CSeq: 101 ACK > Max-Forwards: 70 > Contact: Guillermo Salas M <sip:[EMAIL PROTECTED]> > User-Agent: Sipura/SPA2000-2.0.2 > Content-Length: 0 > > > 10 headers, 0 lines > asterisk*CLI> > > Sip read: > INVITE sip:[EMAIL PROTECTED] SIP/2.0 > Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-ec22067b > From: Guillermo Salas M <sip:[EMAIL PROTECTED]>;tag=4f2df183b116b70c > To: <sip:[EMAIL PROTECTED]> > Call-ID: [EMAIL PROTECTED] > CSeq: 102 INVITE > Max-Forwards: 70 > Proxy-Authorization: Digest > username="105",realm="asterisk",nonce="47a68adb",uri="sip:[EMAIL PROTECTED] > et",algorithm=MD5,response="8e60f592df094f9b852a59544b9da384" > Contact: Guillermo Salas M <sip:[EMAIL PROTECTED]> > Expires: 240 > User-Agent: Sipura/SPA2000-2.0.2 > Content-Length: 422 > Content-Type: application/sdp > > v=0 > o=- 12384 12384 IN IP4 192.168.0.253 > s=- > c=IN IP4 192.168.0.253 > t=0 0 > m=audio 16468 RTP/AVP 4 0 2 8 18 96 97 98 100 101 > a=rtpmap:4 G723/8000 > a=rtpmap:0 PCMU/8000 > a=rtpmap:2 G726-32/8000 > a=rtpmap:8 PCMA/8000 > a=rtpmap:18 G729a/8000 > a=rtpmap:96 G726-40/8000 > a=rtpmap:97 G726-24/8000 > a=rtpmap:98 G726-16/8000 > a=rtpmap:100 NSE/8000 > a=rtpmap:101 telephone-event/8000 > a=fmtp:101 0-15 > a=ptime:30 > a=sendrecv > > 13 headers, 19 lines > Using latest request as basis request > Sending to 192.168.0.253 : 5060 (NAT) > Found user '105' > Found RTP audio format 4 > Found RTP audio format 0 > Found RTP audio format 2 > Found RTP audio format 8 > Found RTP audio format 18 > Found RTP audio format 96 > Found RTP audio format 97 > Found RTP audio format 98 > Found RTP audio format 100 > Found RTP audio format 101 > Peer audio RTP is at port 192.168.0.253:16468 > Found description format G723 > Found description format PCMU > Found description format G726-32 > Found description format PCMA > Found description format G729a > Found description format G726-40 > Found description format G726-24 > Found description format G726-16 > Found description format NSE > Found description format telephone-event > Capabilities: us - 0xc011f (g723|gsm|ulaw|alaw|g726|g729|h261|h263), > peer - audio=0x51d (g723|ulaw|alaw|g726|g729|ilbc)/video=0x0 (nothing), > combined - 0x11d (g723|ulaw|alaw|g726|g729) > Non-codec capabilities: us - 0x1 (g723), peer - 0x1 (g723), combined - > 0x1 (g723) > Looking for *98 in from-internal > list_route: hop: <sip:[EMAIL PROTECTED]> > Transmitting (NAT): > SIP/2.0 100 Trying > Via: SIP/2.0/UDP > 192.168.0.253;branch=z9hG4bK-ec22067b;received=200.93.xxx.xb;rport=5060 > From: Guillermo Salas M <sip:[EMAIL PROTECTED]>;tag=4f2df183b116b70c > To: <sip:[EMAIL PROTECTED]>;tag=as58095e00 > Call-ID: [EMAIL PROTECTED] > CSeq: 102 INVITE > User-Agent: Asterisk PBX > Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER > Contact: <sip:[EMAIL PROTECTED]> > Content-Length: 0 > > > to 200.93.xxx.xb:5060 > -- Executing Answer("SIP/105-6408", "") in new stack > We're at 200.93.xxx.xa port 12436 > Video is at 200.93.xxx.xa port 16274 > Answering with preferred capability 0x100 (g729) > Answering with preferred capability 0x1 (g723) > Answering with preferred capability 0x2 (gsm) > Answering with preferred capability 0x10 (g726) > Answering with preferred capability 0x4 (ulaw) > Answering with preferred capability 0x8 (alaw) > Answering with preferred capability 0x40000 (h261) > Answering with preferred capability 0x80000 (h263) > Answering with non-codec capability 0x1 (telephone-event) > Reliably Transmitting (NAT): > SIP/2.0 200 OK > Via: SIP/2.0/UDP > 192.168.0.253;branch=z9hG4bK-ec22067b;received=200.93.xxx.xb;rport=5060 > From: Guillermo Salas M <sip:[EMAIL PROTECTED]>;tag=4f2df183b116b70c > To: <sip:[EMAIL PROTECTED]>;tag=as58095e00 > Call-ID: [EMAIL PROTECTED] > CSeq: 102 INVITE > User-Agent: Asterisk PBX > Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER > Contact: <sip:[EMAIL PROTECTED]> > Content-Type: application/sdp > Content-Length: 340 > > v=0 > =root 7393 7393 IN IP4 200.93.xxx.xa > s=session > c=IN IP4 200.93.xxx.xa > t=0 0 > m=audio 12436 RTP/AVP 18 4 3 2 0 8 101 > a=rtpmap:18 G729/8000 > a=rtpmap:4 G723/8000 > a=rtpmap:3 GSM/8000 > a=rtpmap:2 G726-32/8000 > a=rtpmap:0 PCMU/8000 > a=rtpmap:8 PCMA/8000 > a=rtpmap:101 telephone-event/8000 > a=fmtp:101 0-16 > a=silenceSupp:off - - - - > > to 200.93.xxx.xb:5060 > -- Executing Wait("SIP/105-6408", "1") in new stack > asterisk*CLI> > > Sip read: > ACK sip:[EMAIL PROTECTED] SIP/2.0 > Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-ec22067b > From: Guillermo Salas M <sip:[EMAIL PROTECTED]>;tag=4f2df183b116b70c > To: <sip:[EMAIL PROTECTED]>;tag=as58095e00 > Call-ID: [EMAIL PROTECTED] > CSeq: 102 ACK > Max-Forwards: 70 > Proxy-Authorization: Digest > username="105",realm="asterisk",nonce="47a68adb",uri="sip:[EMAIL PROTECTED] > et",algorithm=MD5,response="74dd50faa2bb97fdb1a0fe6ce93489de" > Contact: Guillermo Salas M <sip:[EMAIL PROTECTED]> > User-Agent: Sipura/SPA2000-2.0.2 > Content-Length: 0 > > > 11 headers, 0 lines > -- Executing VoiceMailMain("SIP/105-6408", "default") in new stack > -- Playing 'vm-login' (language 'es') > asterisk*CLI> > > Sip read: > NOTIFY sip:sip.mydomain.net SIP/2.0 > Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-8ecd1b3e > From: Guillermo Salas M <sip:[EMAIL PROTECTED]>;tag=4f2df183b116b70c > To: <sip:sip.mydomain.net> > Call-ID: [EMAIL PROTECTED] > CSeq: 9 NOTIFY > Max-Forwards: 70 > Event: keep-alive > User-Agent: Sipura/SPA2000-2.0.2 > Content-Length: 0 > > 10 headers, 0 lines > Transmitting (no NAT): > SIP/2.0 200 OK > Via: SIP/2.0/UDP 192.168.0.253;branch=z9hG4bK-8ecd1b3e > From: Guillermo Salas M <sip:[EMAIL PROTECTED]>;tag=4f2df183b116b70c > To: <sip:sip.mydomain.net>;tag=as45caf3ff > Call-ID: [EMAIL PROTECTED] > CSeq: 9 NOTIFY > User-Agent: Asterisk PBX > Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER > Contact: > Content-Length: 0 > > > to 200.93.xxx.xb:5060 > Destroying call '[EMAIL PROTECTED]' > -- No username but # key pressed. Using CID '105' > -- Playing 'vm-password' (language 'es') > -- Incorrect password '' for user '105' (context = <any>) > -- Playing 'vm-incorrect-mailbox' (language 'es') > asterisk*CLI> > > Any hint will be very appreciated, > > > Regards, > > > Guill3rm0 > > _______________________________________________ > Asterisk-Users mailing list > [email protected] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
