Asterisk 1.4.29 or so.

access-list _dmz_acl extended permit udp 10.129.42.0 255.255.255.0 any range 10000 20000
access-list _dmz_acl extended permit udp 10.129.42.0 255.255.255.0 any eq 5060

But yes, all your feedback worked. I didn't need to port-forward any incoming ports, only 5060/10000-20000 for outgoing UDP. The only issue I'm now having is:

<--- SIP read from 66.227.100.20:5060 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 209.34.93.68:5060;branch=z9hG4bK3eb38bde;rport=51566
....
Warning: 392 66.227.100.20:5060 "Noisy feedback tells: pid=9611 req_src_ip=209.34.93.68 req_src_port=51566 in_uri=sip:sip.jnctn.netout_uri=sip: sip.jnctn.net via_cnt==1"

209.34.93.68 is my IP, 209.34.93.68 is Junction Networks (for this example). I also get it from my backbone providers as well so it's likely something to do with that 51566 req_src_port thing. Any idea what this is and how to configure it to a restricted range of IP addresses?

Nicholas Blasgen
Partner / Network Operations
Refractive Dialer LLC
(724) 252-7436

On Sun, Jan 3, 2010 at 8:29 PM, Max McGraw <max.mcg...@gmail.com> wrote:

> Nicholas,
>
> you haven't specified which version, which does make
> a lot of difference.
>
> 1.6.x can easily traverse NAT. If you are only making
> outbound calls, you shouldn't need to forward 5060.
>
> Unless you have a special NAT that is blocking
> outbound connections, the SIP.conf settings below
> should work whether your provider uses SIP
> registrations or not.
> My codec related settings may not be applicable to your installation:
>
> ; -------------------------------------
> [general]
> dtmfmode=rfc2833
> relaxdtmf=yes
> bandwidth=high
> disallow=all
> allow=ulaw
> ;
> ; NAT stuff
> ;
> localnet=192.168.x.0/255.255.255.0
> externip=a.b.c.d:5060
> nat=yes
> ;
> ; Media stuff
> ;
> canreinvite=no
> ;
> ;
> [your-voip-provider-para]
> ;
> context=default
> type=friend
> ;
> ; your provider's outbound gateway
> ;
> host=w.x.y.z
> ;
> dtmfmode=rfc2833
> relaxdtmf=yes
> disallow=all
> allow=ulaw
> ;
> ; -------------------------------------
>
>
> On Sun, Jan 3, 2010, Nicholas Blasgen wrote:
>
> > I'm trying to move my Asterisk deployments under a Virtual IP address and
> > now remember why I dislike this. My primary Asterisk system is now behind a
> > firewall in private address space. My question is what ports are needed to
> > be opened just for the purpose of placing outgoing calls. I would have
> > assumed none, but I can't even get replies on registration from any of my 3
> > VoIP providers. I tried defining the External IP and some other stuff, but
> > I assume it's fully an issue with the firewall. Do I really need 5060 port
> > forwarded just to register with remote hosts?
> >
> > Nicholas Blasgen
> > Partner / Network Operations
> > Refractive Dialer LLC
> > (724) 252-7436
> >
> > __________________________________
> >
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
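An added example, not part of the original thread: in a SIP response, the `rport` parameter on the Via header (RFC 3581) carries the source port the server actually saw, so comparing it with the port Asterisk wrote into the Via shows whether the firewall translated the source port. The function names are hypothetical, the sample is built from the trace quoted in the message above with the elided headers left out and the Warning text trimmed, and IPv4 or hostname Via addresses are assumed.

```python
import re

# Constructed sample: the lines shown in the quoted trace, Warning text trimmed.
SAMPLE = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/UDP 209.34.93.68:5060;branch=z9hG4bK3eb38bde;rport=51566\r\n"
    'Warning: 392 66.227.100.20:5060 "Noisy feedback tells: pid=9611 '
    'req_src_ip=209.34.93.68 req_src_port=51566"\r\n'
    "\r\n"
)

VIA_RE = re.compile(
    r"^(?:Via|v)\s*:\s*SIP/2\.0/\w+\s+"
    r"(?P<host>[^;:\s]+)(?::(?P<port>\d+))?(?P<params>(?:;[^\r\n,]*)?)",
    re.IGNORECASE | re.MULTILINE,
)

def top_via(message):
    """Return host, port and parameters of the topmost Via, or None."""
    m = VIA_RE.search(message)
    if m is None:
        return None
    params = {}
    for item in m.group("params").split(";"):
        key, _, value = item.partition("=")
        if key.strip():
            params[key.strip().lower()] = value.strip()
    # A Via without an explicit port means the SIP default, 5060.
    return {"host": m.group("host"), "port": int(m.group("port") or 5060),
            "params": params}

def nat_observation(message):
    """Compare what we sent in Via with what the far end says it received."""
    via = top_via(message)
    if via is None:
        raise ValueError("no Via header found")
    rport = via["params"].get("rport")          # empty when sent without a value
    seen_host = via["params"].get("received") or via["host"]
    seen_port = int(rport) if rport else via["port"]
    return {"sent_by": (via["host"], via["port"]),
            "seen_as": (seen_host, seen_port),
            "addr_rewritten": seen_host != via["host"],
            "port_rewritten": seen_port != via["port"]}

def warning_fields(message):
    """Extract key=value pairs from the quoted text of a Warning header."""
    m = re.search(r'^Warning\s*:\s*\d{3}\s+\S+\s+"([^"]*)"', message,
                  re.IGNORECASE | re.MULTILINE)
    return dict(re.findall(r"(\w+)=(\S+)", m.group(1))) if m else {}

if __name__ == "__main__":
    print(nat_observation(SAMPLE))
    print(warning_fields(SAMPLE))
```

On the sample, the Via says port 5060 while `rport` and `req_src_port` both say 51566, which is what source-port translation at the firewall looks like from the provider's side.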