----- Original Message ----- From: "Simon Hobson" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Tuesday, May 15, 2007 9:19 AM Subject: Re: [Shorewall-users] shorewall & asterisk
> lpa du morvan wrote: > > >I have a PC with asterisk on my lan, the registration to my sip provider is > >good throught shorewall but i have not audio when I call a external sip > >account. > > > >I will not make that on shorewall (very not secure but functionnal !): > > > >Forward UDP Port 5060-5082 to local_ip_asterisk > >Forward UDP Port 10000 to 20000 to local_ip_asterisk > > > >I will use ip_conntrack_sip and ip_nat_sip, they are activated in > >/usr/share/horewall/modules and good loaded, and the sip netfilter is > >functionnal between 2 zones on shorewall. > > > >On shorewall the rule initiating for sip netfilter : lan ----> wan udp 5060 > >is present > > > >tail -f /var/log/messages is quiet on shorewall for this problem ! > > First thought - do you use NAT ? Have your properly configured > Asterisk for this (/etc/asterisk/sip_nat.conf IIRC) ? > > Also, you can open less ports for RTP by editing rtp.conf. > > And I think you only need port 5060, not ports 5060 to 5082. > > Finally, if you correctly configure Asterisk for the NAT then do NOT > load ip_nat_sip which (I think) will mangle your SIP packets for you. Hi, thanks for your answer. But I did not make any configuration on my asterisk because when I used MNF2, all is functionnal with the native installation of asterisk, and on MNF2 I have right addition in /etc/shorewall/rules ACCEPT lan wan udp 1024:65535 and nothing of changed in /etc/shorewall/modules (sip_conntrack and sip_nat did not exist at that time !) only this: ---------------------------------------------------------- module ip_tables loadmodule iptable_filter loadmodule ip_conntrack loadmodule ip_conntrack_ftp loadmodule ip_conntrack_tftp loadmodule ip_conntrack_irc loadmodule iptable_nat loadmodule ip_nat_ftp loadmodule ip_nat_tftp loadmodule ip_nat_irc ---------------------------------------------------------------------------- - I must thus preserve my MNF2 only for my asterisk !!! and I would like to give up my MNF2 completely. Thanks VUILLET Damien ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
