Re: [asterisk-users] SJphone behind NAT/Firewall without sound
Is the Asterisk server yours? I am trying to figure out if Asterisk is in your control and if it could be a problem at Asterisk, rather than your SJPhone or your script, because I don't see any glaring problems in the script.

Regards,
Amit.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of kazabe
Sent: Friday, April 04, 2008 9:00 AM
To: asterisk-users@lists.digium.com
Subject: [asterisk-users] SJphone behind NAT/Firewall without sound

Hi.

I need to connect some LAN stations with SJphone to an Asterisk server published on the Internet. My LAN clients access the Internet using a small Linux firewall/proxy server. I use the following firewall script. That is a simple script with default policy ACCEPT, and NAT to share Internet.

I can connect to the Asterisk server, authenticate the users in the server, and dial any extension, but we can't hear any sound.

Do I need some additional rules in my script?

Thanks in advance

#!/bin/bash

IPTABLES=/sbin/iptables
EXT=eth0
INT=eth1

case "$1" in
start)
    # Enable IPv4 forwarding between the LAN and the Internet
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Flush existing filter and NAT rules
    $IPTABLES -F INPUT
    $IPTABLES -F OUTPUT
    $IPTABLES -F FORWARD
    $IPTABLES -F
    $IPTABLES -t nat -F

    # Masquerade LAN traffic leaving through the external interface
    $IPTABLES -t nat -A POSTROUTING -s 192.168.12.0/24 -d 0.0.0.0/0 -o $EXT -j MASQUERADE
    # Redirect LAN web traffic to the proxy on port 3128
    # (the address after -d is missing in the archived message)
    $IPTABLES -t nat -A PREROUTING -p TCP -s 192.168.12.0/24 --dport 80 -d -j REDIRECT --to-port 3128

    # Services on the firewall itself that are reachable from the Internet
    $IPTABLES -A INPUT -i $EXT -p ICMP -j ACCEPT
    $IPTABLES -A INPUT -i $EXT -p TCP --dport 22 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -i $EXT -p TCP --dport 443 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -i $EXT -p TCP --dport 80 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -p TCP -m state --state RELATED -j ACCEPT

    # Drop new or invalid connections arriving on the external interface
    $IPTABLES -A INPUT -i $EXT -m state --state NEW,INVALID -j DROP
    $IPTABLES -A FORWARD -i $EXT -m state --state NEW,INVALID -j DROP
    ;;
stop)
    $IPTABLES -F INPUT
    $IPTABLES -F OUTPUT
    $IPTABLES -F FORWARD
    $IPTABLES -F
    $IPTABLES -t nat -F
    ;;
restart)
    $0 stop
    sleep 2
    $0 start
    ;;
status)
    $IPTABLES -L
    $IPTABLES --table nat --list --exact --verbose --numeric --line-numbers
    ;;
*)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
esac

exit 0

--
Imagination is more important than knowledge A.E.

___
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] SJphone behind NAT/Firewall without sound
No. I don't manage the Asterisk server. I just manage my proxy/firewall, and I need my users to be able to connect to that server. The Asterisk server belongs to another company. But the laptop users can connect without problem to that server, from any place, except from my LAN.

This is my scenario:

LAN - FW/PROXY -- INTERNET -- ASTERISK-SRV

Thanks in advance

2008/4/4, Amit Nagpal [EMAIL PROTECTED]:
> Is the Asterisk server yours? I am trying to figure out if Asterisk is in your control and if it could be a problem at Asterisk, rather than your SJPhone or your script, because I don't see any glaring problems in the script.
>
> Regards,
> Amit.

--
Imagination is more important than knowledge A.E.
Re: [asterisk-users] SJphone behind NAT/Firewall without sound
Hi,

I re-created your setup locally - even ran your script to set up NAT.

192.168.12.2 (SJPhone) --- 192.168.12.1 (NAT-1)
                                 |
                             (nat box)
                                 |
                      (NAT-1) 10.0.15.101 --- 10.0.15.102 Asterisk

And another client (Xlite) behind a separate NAT.

I made a call from SJPhone to XLite and vice versa - I am getting audio in both directions. I used SJPhone 1.65 on Windows, and Asterisk 1.4.17.

Your problem lies somewhere else. Your script looks just fine.

Regards,
Amit.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of kazabe
Sent: Friday, April 04, 2008 9:36 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] SJphone behind NAT/Firewall without sound

No. I don't manage the Asterisk server. I just manage my proxy/firewall, and I need my users to be able to connect to that server. The Asterisk server belongs to another company. But the laptop users can connect without problem to that server, from any place, except from my LAN.

This is my scenario:

LAN - FW/PROXY -- INTERNET -- ASTERISK-SRV

Thanks in advance
Re: [asterisk-users] SJphone behind NAT/Firewall without sound
On Thu, 3 Apr 2008 22:30:10 -0500, kazabe [EMAIL PROTECTED] wrote:
> I need to connect some LAN stations with SJphone to an Asterisk server published on the Internet.
[...]
> I don't manage the Asterisk server. I just manage my proxy/firewall, and I need my users to be able to connect to that server.

SIP works like FTP: one channel to manage calls, and a second one for data (audio):

http://freshmeat.net/articles/view/2079/

Since Asterisk doesn't (yet) support STUN, to get audio packets to be received, you must configure the NAT firewall to let them in, and route them inside to the Asterisk server. This must match whatever is listed under /etc/asterisk/rtp.conf (you can reduce the range from 1-2 to e.g. 1-10010; I could be wrong, but I think RTP actually needs two channels per call.)

The same thing is required for the client hosts running the SJPhone application, but from what I read, most firewalls will work without having to map ports, and STUN-capable applications like SJPhone will keep the UDP ports open by sending out dummy packets regularly.

If you can't modify the NAT firewall in front of the Asterisk server, I don't see how to solve this.
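
The port mapping this reply describes, as an added example that is not part of the thread and not any poster's configuration: it reads the RTP range from rtp.conf-style text and prints matching DNAT and FORWARD rules for a NAT firewall in front of an Asterisk server. The interface name, the server address 192.168.50.10, the sample range and the use of default SIP signalling on UDP 5060 are assumptions.

```bash
#!/bin/bash
# Added example: print (not apply) port-forwarding rules for a NAT firewall
# in front of an Asterisk server, using the RTP range from rtp.conf.

# Constructed sample in rtp.conf format; the values are assumptions.
SAMPLE_RTP_CONF='[general]
; constructed sample values
rtpstart=10000
rtpend=10010'

# rtp_range: read rtp.conf text on stdin, print START:END (iptables syntax).
# Fails if either key is missing, non-numeric, or the range is inverted.
rtp_range() {
    awk -F= '
        /^[ \t]*;/ { next }                      # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)
            sub(/;.*/, "", val); gsub(/[ \t\r]/, "", val)
        }
        key == "rtpstart" { s = val }
        key == "rtpend"   { e = val }
        END {
            if (s !~ /^[0-9]+$/ || e !~ /^[0-9]+$/) exit 1
            if (s + 0 < 1024 || e + 0 > 65535 || s + 0 > e + 0) exit 1
            print s ":" e
        }'
}

# forward_rules EXT_IF SERVER_IP < rtp.conf
# Emits DNAT and FORWARD rules for SIP signalling (assumed default UDP 5060)
# and for the RTP audio range only, so no other UDP port is exposed.
forward_rules() {
    local ext_if="$1" server="$2" range ports
    range=$(rtp_range) || {
        echo "rtp.conf: missing or invalid rtpstart/rtpend" >&2
        return 1
    }
    for ports in 5060 "$range"; do
        echo "iptables -t nat -A PREROUTING -i $ext_if -p udp --dport $ports -j DNAT --to-destination $server"
        echo "iptables -A FORWARD -i $ext_if -d $server -p udp --dport $ports -j ACCEPT"
    done
}

# Hypothetical external interface and internal server address.
printf '%s\n' "$SAMPLE_RTP_CONF" | forward_rules eth0 192.168.50.10
```

Keeping rtpstart and rtpend close together, as the reply suggests, keeps the forwarded UDP range on the firewall equally small.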
[asterisk-users] SJphone behind NAT/Firewall without sound
Hi.

I need to connect some LAN stations with SJphone to an Asterisk server published on the Internet. My LAN clients access the Internet using a small Linux firewall/proxy server. I use the following firewall script. That is a simple script with default policy ACCEPT, and NAT to share Internet.

I can connect to the Asterisk server, authenticate the users in the server, and dial any extension, but we can't hear any sound.

Do I need some additional rules in my script?

Thanks in advance

#!/bin/bash

IPTABLES=/sbin/iptables
EXT=eth0
INT=eth1

case "$1" in
start)
    # Enable IPv4 forwarding between the LAN and the Internet
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Flush existing filter and NAT rules
    $IPTABLES -F INPUT
    $IPTABLES -F OUTPUT
    $IPTABLES -F FORWARD
    $IPTABLES -F
    $IPTABLES -t nat -F

    # Masquerade LAN traffic leaving through the external interface
    $IPTABLES -t nat -A POSTROUTING -s 192.168.12.0/24 -d 0.0.0.0/0 -o $EXT -j MASQUERADE
    # Redirect LAN web traffic to the proxy on port 3128
    # (the address after -d is missing in the archived message)
    $IPTABLES -t nat -A PREROUTING -p TCP -s 192.168.12.0/24 --dport 80 -d -j REDIRECT --to-port 3128

    # Services on the firewall itself that are reachable from the Internet
    $IPTABLES -A INPUT -i $EXT -p ICMP -j ACCEPT
    $IPTABLES -A INPUT -i $EXT -p TCP --dport 22 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -i $EXT -p TCP --dport 443 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -i $EXT -p TCP --dport 80 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -p TCP -m state --state RELATED -j ACCEPT

    # Drop new or invalid connections arriving on the external interface
    $IPTABLES -A INPUT -i $EXT -m state --state NEW,INVALID -j DROP
    $IPTABLES -A FORWARD -i $EXT -m state --state NEW,INVALID -j DROP
    ;;
stop)
    $IPTABLES -F INPUT
    $IPTABLES -F OUTPUT
    $IPTABLES -F FORWARD
    $IPTABLES -F
    $IPTABLES -t nat -F
    ;;
restart)
    $0 stop
    sleep 2
    $0 start
    ;;
status)
    $IPTABLES -L
    $IPTABLES --table nat --list --exact --verbose --numeric --line-numbers
    ;;
*)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
esac

exit 0

--
Imagination is more important than knowledge A.E.