On 1/27/11 1:39 PM, Matthew Kitchin (public/usenet) wrote:
I can shed some light on that I think. Verizon required they send us
calls on port 5060. We do nat the port to 5080. We hadn't seen any
issue there, but I guess we have now for some reason.
Verizon --5060-- our router -- 5080 --> sipx
when I had this problem with level3, and TRIED everyone's suggestions of
pat, port forwarding, etc, I found that at LAYER4 IT WORKED, but phucked
up at LAYER7.
this won't work.. did it work? no, it just sorta worked. it won't
work. as in 'undefined', as in maybe, under certain circumstances,
sometimes it works.
you need an application layer proxy. you need a seperate copy of FS to
do this. you need an SBC to do this. you need a simple perl script to
do this, and/or, I think the juniper firewalls can modify sip invites on
the fly.
as in, what needs to be done?
verizon port 5060 (in the invite, verizon sends the '5060' somewhere)
you neet to xlate to port 5080. not only layer4, but layer7 (netsed?).
sipx sees it as coming TO port 5080, and responds back, saying 'thanks,
I got this on port 5080, continue on port 5080'
the OUTBOUNDS needs to xlate src port 5080 on sipx to 5060, AND THEN
TRANSLATE THE ASCII TEXT 5080 BACK TO 5060.
so, in your case, what you are trying to do, won't work.
no, don't tell me it sorta works, you just proved it won't work.
Tony and I tried a while back, and I tried with a copy of FS on pfsense,
then finally convinced level3 that if they want my $17 a month, they
needed to send to me on port 5080.
Tony can tell you about how hard level3 will work for your business.
you might call them. tell them tony and I send you.
(or help us come up with the bounty to pay for a good pfsense/fs config
that will do the proxying.. I still think a couple of copies of netsed
might do it, but I don't need to try today)
how to try cheaply?
get voip.ms to work with static ip authentication. if you get that to
work, then you have it.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best in Email Security,2010: Network Products Guide
* King of Spam Filters, SC Magazine 2008
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/
