From: jonas kellens [mailto:jonas.kell...@telenet.be]
Sent: Friday, January 15, 2010 8:23 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Open up ports without sending it to an IP on the LAN
Hello Marco,
to keep the NAT tunnel open between my SIP-phones behind NAT/firewall I send
SIP-option packets from my SIP-server (Asterisk) to the SIP-phones.
But when I restart my SIP-server and my firewall, my SIP-server complaints :
[Jan 14 16:50:26] WARNING[1480]: chan_sip.c:1817 __sip_xmit: sip_xmit of
0x1e56c160 (len 552) to publicip:5063 returned -1: Operation not permitted
[Jan 14 16:50:26] WARNING[1480]: chan_sip.c:1817 __sip_xmit: sip_xmit of
0x1e56c3d0 (len 546) to publicip:5062 returned -1: Operation not permitted
[Jan 14 16:50:26] WARNING[1480]: chan_sip.c:1817 __sip_xmit: sip_xmit of
0x1e562440 (len 546) to publicip:5061 returned -1: Operation not permitted
So the SIP option packets do not get through my Endian firewall any more.
That's why I need to just open up this range 5060 --> 5063.
Jonas.
**************
You are saying that your asterisk sip-server is outside your lan, (or is it
inside?) sending packets to the phones inside your lan to keep a NAT tunnel
open?
Why is that necessary?
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
