Hi, thanks Lonnie and Michael for your input. There are no remote clients so that should not be a problem. Michael, the internal PBX is not Asterisk and is not managed by myself. As such, although I would like to proxy to the internal PBX, this will not be possible as I have no configuration access to it. They were having issues previously which were resolved with fixed NAT rules on the current firewall so I will certainly still want to add this configuration on Astlinux.

Basically from what I can see, it should work fine but I just wanted to check that if I add a "NAT EXT->LAN" rule with a specific "Source" address, then this traffic will be forwarded to the internal PBX but all other traffic using the same ports (e.g. 5060 and potentially media ports) will terminate locally on the Astlinux appliance. E.g. will Astlinux ONLY NAT EXT->LAN the traffic from the specified source address?

I'm also not quite sure what the NAT EXT: field is used for which appears when you select "NAT EXT->LAN" and would love someone to explain it to me.

Thanks all.

Regards
Michael Knill

-----Original Message-----
From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
Date: Tuesday, 5 September 2017 at 11:05 pm
To: AstLinux List <astlinux-users@lists.sourceforge.net>
Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux

Hi Michael,

It depends, if the pre-existing SIP PBX only does outbound calls (SIP trunking) then don't enable any "NAT EXT->LAN" to the SIP PBX and make sure the SIP PBX trunk registers or qualifies often enough to keep a firewall state open for inbound calls from the provider. You may have to forward the RTP media range, again depends, try without but be prepared to "NAT EXT->LAN" the RTP range if needed.

If the pre-existing SIP PBX has to service remote "clients", that is more trouble with NAT, in that case I would consider using your AstLinux box at the edge to handle those and act as a proxy to the internal pre-existing SIP PBX.

Lonnie

On Sep 5, 2017, at 6:06 AM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:

> Hi Michael
>
> Thanks for that but you misunderstand sorry.
> Astlinux is on the edge and a SIP PBX is on the inside that will eventually
> be replaced.
>
> Regards
> Michael Knill
>
> -----Original Message-----
> From: Michael Keuter <li...@mksolutions.info>
> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Date: Tuesday, 5 September 2017 at 6:20 pm
> To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux
>
>
>> On 05.09.2017 at 09:16, Michael Knill
>> <michael.kn...@ipcsolutions.com.au> wrote:
>>
>> Hi group
>>
>> I have a bit of a tricky one that I want to run past the Astlinux firewall
>> experts.
>>
>> Scenario:
>> An existing PBX (soon to be replaced) using an existing SIP Provider sitting
>> BEHIND an Astlinux appliance which is connected to another SIP Provider.
>>
>> Should I just be able to do NAT EXT -> LAN to the internal PBX for 5060 &
>> Media Ports using the Source IP Addresses of their current provider? Or do I
>> need to add something in NAT EXT: ?
>> I just recall that I had issues with Astlinux and forwarding 5060 but that
>> was a while ago.
>>
>> Thanks.
>>
>> Regards
>> Michael Knill
>
> Hi Michael,
>
> I had the same issue. It is quite easy:
>
> On the PBX behind the main AstLinux box set in sip.conf:
>
> ; NAT settings
> externaddr=xx.xx.xx.xx:5062 ; this tells the second provider to send the returning packets to port 5062!
> localnet=yy.yy.yy.yy/255.255.255.0
> nat=force_rport,comedia
>
> Then on the main AstLinux box set NAT EXT -> LAN port 5062 to the IP of the
> 2nd PBX but on port 5060!
> Then just use different RTP ports than on the edge box.
>
> Michael
>
> http://www.mksolutions.info
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
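
Added example, not part of the thread and not AstLinux code: a small Python model of first-match destination NAT, contrasting a source-restricted forward of port 5060 with the port-shifted forward (5062 to 5060) suggested above. It assumes the "Source" field becomes a source-address match on the forwarding rule, as in a netfilter DNAT rule; all addresses and names are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class DnatRule:
    """One EXT->LAN forward: match proto/port (and optionally source), rewrite destination."""
    proto: str
    ext_port: int
    lan_ip: str
    lan_port: int
    source: Optional[str] = None  # CIDR; None means any source may use the forward

    def matches(self, src_ip: str, proto: str, dport: int) -> bool:
        if proto != self.proto or dport != self.ext_port:
            return False
        if self.source is None:
            return True
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)

def route(rules, src_ip, proto, dport):
    """First matching rule forwards; unmatched packets stay with the edge box itself."""
    for rule in rules:
        if rule.matches(src_ip, proto, dport):
            return ("forward", rule.lan_ip, rule.lan_port)
    return ("local", None, dport)

# Constructed values (documentation address ranges), hypothetical names.
OLD_PROVIDER = "198.51.100.0/28"   # signalling range of the existing SIP provider
INTERNAL_PBX = "192.168.1.20"      # the PBX behind the edge box

# Variant A: forward 5060 only when the packet comes from the old provider.
SOURCE_RESTRICTED = [DnatRule("udp", 5060, INTERNAL_PBX, 5060, source=OLD_PROVIDER)]
# Variant B: forward external 5062 to internal 5060, no source match.
PORT_SHIFTED = [DnatRule("udp", 5062, INTERNAL_PBX, 5060)]
# Variant C: both, so the internal PBX is reachable only from the old provider.
SHIFTED_AND_RESTRICTED = [DnatRule("udp", 5062, INTERNAL_PBX, 5060, source=OLD_PROVIDER)]

def demo():
    other = "203.0.113.77"  # constructed unrelated Internet host
    return {
        "A provider->5060": route(SOURCE_RESTRICTED, "198.51.100.5", "udp", 5060),
        "A other->5060": route(SOURCE_RESTRICTED, other, "udp", 5060),
        "B other->5062": route(PORT_SHIFTED, other, "udp", 5062),
        "C other->5062": route(SHIFTED_AND_RESTRICTED, other, "udp", 5062),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:18} {verdict}")
```

In the model, variant B exposes the internal PBX's SIP port to any source on 5062, while variants A and C leave non-provider traffic with the edge box, where its own inbound filtering decides what happens to it.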