He was just using 300 as an example. Iax is rather chatty in that it does the equivalent of a keep-alive every 60 seconds (give or take a few seconds).
------------------------ > 300 seconds is a mighty long time to keep state on a udp connection. Our > firewalls time out udp states out in 2 seconds of inactivity. But your > point is valid and taken... > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of tim panton > Sent: Friday, November 18, 2005 4:59 PM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: Re: [Asterisk-Users] IAX and Firewall > > > On 18 Nov 2005, at 22:01, Piotr A. Sygula wrote: > > > If teliax ever wants to connect to your asterisk box, as in if they're > > providing a DID for you, you will need to allow teliax through the > > firewall. > > If you're the one originating the connection to them, you don't > > need to open > > the ingress port. > > > >> I don't believe so. By registering with the remote server, > >> you are giving them the NAT port to get back into your > >> server with. All communications will take place on that > >> port. > > > > Registration has nothing to do with NAT. The key here is which side > > initiates the connection. Of course this is all under the > > assumption that > > Joseph's firewall is statefull. > > Ah, but registration does have something to do with it. > Classic IAX re-registers often enough to keep a 'udp connection' (ugh) > open through most domestic stateful firewalls. > > Put another way, Joseph's Asterisk is sending out UDP packets to > teliax every > 300 seconds (say) (either to register or these days to 'qualify' the > link). The firewall > sees any inbound packets IAX from teliax as part of that conversation > and passes them > in to Asterisk. > > This fails if both the re-registration and qualify period is longer > than the > time Joseph's firewall keeps the udp state. > > As to how to debug the original problem, get the firewall to log > filtered packets and see if > any are from teliax. Also turn on IAX debugging and send us the > relevant logs. > > Tim. > _______________________________________________ > --Bandwidth and Colocation sponsored by Easynews.com -- > > Asterisk-Users mailing list > [email protected] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > > _______________________________________________ > --Bandwidth and Colocation sponsored by Easynews.com -- > > Asterisk-Users mailing list > [email protected] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > ---------------End of Original Message----------------- _______________________________________________ --Bandwidth and Colocation sponsored by Easynews.com -- Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
