I have your same setup: Asterisk running on a box that also runs SAhorwall. I can register to both WD and ICH.
One thing I suggest is first getting Asterisk to work without shorewall. Next install the firewall but leave it wide open, close it down incrementally. Also turn on logging of every dropped/rejected packet and check the log file. If shorewall is getting in the way you will see the rejects to/from FWD or ICH in the log. Ask me off-line and I can send some config files but be warned they are more open then need be. --- "Patrick Lidstone (Personal E-mail)" <[EMAIL PROTECTED]> wrote: > > > I am struggling getting asterisk to work on my firewall box. > > > > The Linux box is a firewall running Mandrake 9.2 and > > shorewall for security and NAT. Asterisk is compiled and > > running on the firewall box with a modified sample > > configuration. I am connecting to it using a Sipura on the > > local LAN. This works fine and I can phone between extensions > > (2201 and 2202) and access the voicemail menu via extension '8'. > > > > Now, I cannot get asterisk to register the two SIP providers I want > to > > use: FWD and ICH. The log reports that it did not register - > > consequently I cant dial '6-612' to get the FWD date-speech. > > > > I've configured everything according to the manual and > > several example config files as referenced on voxilla. The > > error message I get is a timeout on sip-registration and some > > rtp timeouts. I assume its a shorewall issue. > > > > > > How do I need to configure Shorewall? (I have the following > shorewall > > domains: net, masq, fw, loc used in the rules.conf) Does > > someone have a sample shorewall config? > > > > How can I easily tell that asterisk registered properly with > > the SIP provider? > > > > Could someone post some a current working sample configs for > > FWD and ICH which indicate the use of the various fields > > better than the existing > > samples: > > * For FWD I have 123456 (the number), AUTO_123456 (the user > > ID), password. > > * For ICH I have 1234567890 (the number without 1) > > 11234567890 (the number with 1), 98765432 (the user id), password. > > "Voxilla" doesn't mean anything to me, but I went through a similar > learning curve a while back. The key to successful registrations > behind > nat (for me) are the following entries in sip.conf. My asterisk box > sits > on a natted network 192.168.0.x with address 192.168.0.5 > > ; > ; SIP Configuration for Asterisk > ; > [general] > port=5060 ; rtp port to bind to > localnet=192.168.0.0 ; address space for local (natted) > network > localmask=255.255.255.0 ; netmask for local (natted) network > externip=a.b.c.d ; a.b.c.d is public ip address > of your router > outside_addr=a.b.c.d ; as above > bindaddr=192.168.0.5 ; where 192.168.0.5 is the IP address of > your * box behind NAT > nat=yes > > With these config changes, and asterisk restarted, you should be able > to > register ok (as reflected by "sip show registry" from command line. > This > is the crucial first step. > > In addition, for a bi-directional voice path you will typically > require > port forwarding of UDP traffic in the media port range specified in > rtp.conf to the natted ip address of your asterisk box (192.168.0.5 > in > this example). A typical rtp.conf file might look like this: > > [general] > rtpstart=50600 > rtpend=50609 > > You should also configure your firewall to pass UDP traffic > bi-directionally on port 5060. > > It is worth persevering - asterisk does work behind a natted firewall > with the likes of FWD just fine. > > HTH > > Patrick > > _______________________________________________ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users ===== Chris Albertson Home: 310-376-1029 [EMAIL PROTECTED] Cell: 310-990-7550 Office: 310-336-5189 [EMAIL PROTECTED] KG6OMK __________________________________ Do you Yahoo!? Yahoo! Search - Find what you�re looking for faster http://search.yahoo.com _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
