Hi Simon, Thanks for your comment. That part wasn't a quote. :) As you already stated forwarding all ports is not suitable in all cases. Fact is that the reinvites sometimes cause problems. The "simplest fix" stated is not the solution but one way to do it and to determine if this is the culprit at all. As always recommendations like these are not more or less than recommendations that the person needs to check on their own if it fits the given situation and environment. Should have stated that out more explicit. Sorry.
The best would be the way you wrote: Asterisk talking over explicit ports to providers trunk IPs. Rest of the world is excluded. Martin -----Ursprüngliche Nachricht----- Von: Simon Hobson [mailto:[email protected]] Gesendet: Montag, 19. Mai 2014 13:02 An: Shorewall Users Betreff: Re: [Shorewall-users] Shorewall Asterisk SIP Callls Stop at 30minutes Martin Tomczyk <[email protected]> wrote: > In your case I would try this: > Asterisk provides support for SIP Session Timers (RFC 4028) through > parameters in sip.conf. It provides a keep-alive mechanism. However, they > quite often don't work properly and cause calls to drop. The simplest fix is > to disable them with "session-timers=refuse". That was an interesting quote. Surely the "fix" is to explicitly forward all ports used by the internal Asterisk server. That way, if a re-invite appears after some time, it'll get passed through by the port forwarding rules and problem gone. How "safe" this is depends on the situation. If the Asterisk server only talks to specific addresses (ie a VoIP trunk provider) then you can restrict the addresses and avoid the problems of having open SIP ports. I don't recommend an open SIP port - you **WILL** suffer hack attempts, at work we've seen 1Mbps or more of register packets trying to brute-force an account. ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
