300 seconds is a mighty long time to keep state on a udp connection. Our firewalls time out udp states out in 2 seconds of inactivity. But your point is valid and taken...
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of tim panton Sent: Friday, November 18, 2005 4:59 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] IAX and Firewall On 18 Nov 2005, at 22:01, Piotr A. Sygula wrote: > If teliax ever wants to connect to your asterisk box, as in if they're > providing a DID for you, you will need to allow teliax through the > firewall. > If you're the one originating the connection to them, you don't > need to open > the ingress port. > >> I don't believe so. By registering with the remote server, >> you are giving them the NAT port to get back into your >> server with. All communications will take place on that >> port. > > Registration has nothing to do with NAT. The key here is which side > initiates the connection. Of course this is all under the > assumption that > Joseph's firewall is statefull. Ah, but registration does have something to do with it. Classic IAX re-registers often enough to keep a 'udp connection' (ugh) open through most domestic stateful firewalls. Put another way, Joseph's Asterisk is sending out UDP packets to teliax every 300 seconds (say) (either to register or these days to 'qualify' the link). The firewall sees any inbound packets IAX from teliax as part of that conversation and passes them in to Asterisk. This fails if both the re-registration and qualify period is longer than the time Joseph's firewall keeps the udp state. As to how to debug the original problem, get the firewall to log filtered packets and see if any are from teliax. Also turn on IAX debugging and send us the relevant logs. Tim. _______________________________________________ --Bandwidth and Colocation sponsored by Easynews.com -- Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ --Bandwidth and Colocation sponsored by Easynews.com -- Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
