Michael,

One way audio is a classic misconfiguration issue with SIP, a misconfiguration of the firewall, Asterisk, SIP Phones, etc.

First, your Firewall tab's setting of "VoIP UDP Ports: 16384:16415" only applies to Traffic Shaping when enabled, nothing else, but let's assume this is your SIP RTP range.

Let's make a few more assumptions, correct me if I am wrong:

1) Your AstLinux external interface has a public IPv4 address and this is where Asterisk is running.

2) Your SIP Phones are in an internal LAN, and directmedia=no as you stated.

3) Your RTP port range is UDP 16384-16415

As such...

In sip.conf: localnet, externaddr or externhost should *not* be defined. Also nat=no should be defined in [general].

In rtp.conf: rtpstart=16384 and rtpend=16415

In the Firewall:
Pass EXT->Local UDP 0/0 16384-16415
(make sure sip-voip plugin is disabled)

Do *not* Pass EXT->Local UDP 5060 if you are simply trunking for local SIP phones, the register or qualify to the public SIP server will automatically open the firewall state. Though if you have remote SIP phones or another asterisk trying to register with your AstLinux box, then a port must be opened for that case. Use the dyndns-host-open plugin (which works for static DNS as well) or open UDP 5060 using remote IPv4 address or use TCP or TLS to better secure your box.

Finally, configure your local SIP Phones to talk directly to your local Asterisk on your local interface's gateway address, disable any NAT, e.g. "NAT Support Parameters" should all be "no", "NAT Mapping Enable: no" depending on your phone. Set the phone's RTP port range to 16384-16415.

Notice there is no NAT because of directmedia=no, the local SIP phones obviously are not NAT'ed to the local interface, and since AstLinux has a public IPv4 address it can talk without NAT to any public SIP server.

That should be all there is to it. :-) Or at least a start.

Lonnie

PS: You mentioned you also had a DMZ interface enabled, which should have nothing to do with the above.
The AstLinux DMZ as implemented via AIF is basically just another LAN segment NAT'ed to the INET but by default only packets are allowed to the INET, not to the AstLinux box, not to any LAN devices. In many cases DHCP and DNS must be allowed for DMZ devices, something like:

Pass DMZ->Local UDP 0/0 53,67,68,161

On Oct 9, 2012, at 2:07 AM, Michael Knill wrote:

> I have a customer that is having intermittent problems with one way voice.
> It's definitely a firewall problem as there are heaps of packet drops being
> reported when it fails:
> Oct 9 17:29:53 IPCLink user.info kernel: AIF:UNPRIV UDP packet: IN=eth0 OUT=
> MAC=00:0d:b9:29:51:58:00:22:6b:aa:3e:bc:08:00 SRC=17.173.254.223
> DST=124.168.209.154 LEN=44 TOS=0x08 PREC=0x20 TTL=43 ID=0 DF PROTO=UDP
> SPT=16387 DPT=16403 LEN=24
>
> He has a DMZ configured with a number of ports forwarded. The 'VOIP UDP
> ports' param on the firewall page is 16384:16415 so this should be
> fine. Directmedia = no so there should be no reinvites with all traffic going
> through the Astlinux box.
>
> Could anyone give me some hints where to start troubleshooting?
>
> Regards
> Michael Knill

_______________________________________________
Astlinux-users mailing list
https://lists.sourceforge.net/lists/listinfo/astlinux-users
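
The following is an added example, not part of the original thread or of AstLinux: a small log check that counts AIF UDP drops arriving on the external interface with a destination port inside the RTP range, which is the case the `Pass EXT->Local UDP 0/0 16384-16415` rule in the reply addresses. The interface name `eth0`, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed from the thread: rtpstart=16384 / rtpend=16415, external interface eth0.
RTP_RANGE = range(16384, 16416)
EXT_IF = "eth0"

# Constructed sample in the format of the kernel log entry quoted in the thread
# (hostname "pbx" and the documentation-range addresses are made up).
SAMPLE_LOG = """\
Oct 9 17:29:53 pbx user.info kernel: AIF:UNPRIV UDP packet: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=44 TOS=0x08 PREC=0x20 TTL=43 ID=0 DF PROTO=UDP SPT=16387 DPT=16403 LEN=24
Oct 9 17:29:54 pbx user.info kernel: AIF:UNPRIV UDP packet: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=200 TOS=0x08 PREC=0x20 TTL=43 ID=0 DF PROTO=UDP SPT=16387 DPT=16403 LEN=180
Oct 9 17:30:02 pbx user.info kernel: AIF:UNPRIV UDP packet: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.99 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=40000 DPT=33434 LEN=40
Oct 9 17:30:05 pbx daemon.info asterisk[1234]: unrelated line
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_drop(line):
    """Return the KEY=value fields of an AIF UDP drop entry, or None for any other line."""
    if "AIF:" not in line or "PROTO=UDP" not in line:
        return None
    fields = dict(FIELD.findall(line.split("AIF:", 1)[1]))
    try:
        fields["DPT"] = int(fields["DPT"])
    except (KeyError, ValueError):
        return None  # truncated or malformed entry
    return fields

def rtp_drops(log_text):
    """Count drops per source that hit the RTP range on the external interface."""
    hits, other = Counter(), 0
    for line in log_text.splitlines():
        f = parse_drop(line)
        if f is None:
            continue
        if f.get("IN") == EXT_IF and f["DPT"] in RTP_RANGE:
            hits[f.get("SRC", "?")] += 1
        else:
            other += 1
    return hits, other

if __name__ == "__main__":
    hits, other = rtp_drops(SAMPLE_LOG)
    for src, n in hits.most_common():
        print(f"{n} RTP-range drops from {src}: check the EXT->Local UDP "
              f"{RTP_RANGE.start}-{RTP_RANGE[-1]} rule")
    print(f"{other} other UDP drops ignored")
```

Drops that show up in the first count while calls are failing point at the firewall rule for the RTP range rather than at sip.conf or the phones.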
