![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
VanFanel89
2[H]4U
- Joined
- Apr 21, 2004
- Messages
- 2,931
I dumped Untangle and decided to give Astaro a try; so far I love it but fuck me - can't get port forwarding on a range to work right with my PBX:
I have an Asterisk PBX I've set up on my D-Link DNS323; it worked just fine from inside and outside my LAN when I was using my Netgear WNR300 router with Tomato.
The server uses UDP port 7363 for SIP Signaling (5060 was not secure... as was proven by some Lithuanian buttmunch) and UDP port range 19980-20000 for RTP traffic (two phones on the PBX... don't need anything else really). The server registers to SipGate.com which is done without a problem.
Here's what I've done so far:
1. I've created a service called DNS SIP which defines UDP port 7363 as the destination port for SIP signaling:
2. I've created a service called DNS RTP which defines UDP port range 19980:20000 as destination ports for RTP:
3. I've created a DNAT rule to allow external IP's to connect to the PBX using port 7363 for SIP signaling; this is a 1-1 translation. the "Destination" is configured to be the DNS323 device which is statically mapped to a.b.c.40 on my LAN:
4. I've created a DNAT rule to allow external IP's to connect to the PBX using ports 19980-20000 for RTP; this is also a 1-1 (well 20-20 lol) translation.
Both these DNAT rules are "enabled" meaning the green light is lit.
Here's what's happening:
From outside my LAN, the SIP phone app on my iPhone successfully registers with my Asterisk server. However, when I place a call, I get no RTP - it will ring the destination which I can pick up but there's no voice transfer. Soon after the call will just drop.
From inside my LAN it's basically the same story - my "phone" will connect to the PBX, the PBX will attempt to connect to the destination which rings and I can pick up, however about 5 seconds in, the call drops and while I have the call progressing there will be no RTP.
My only conclusion is that my port forwarding is flawed.
I did a live log and this is what I see when I try to do a call using the SIP phone app on my iPhone while it is outside my LAN (using ATT's 3G network):
23:35:44 Default DROP UDP
a.b.c.40 : 19994 → e.f.g.169 : 64598
23:35:44 Default DROP UDP
a.b.c.40 : 19994 → e.f.g.169 : 64598
23:35:44 Default DROP UDP
a.b.c.40 : 19994 → e.f.g.169 : 64598
23:35:48 Default DROP UDP
a.b.c.40 : 19996 → 204.155.29.56 : 45304
23:35:48 Default DROP UDP
a.b.c.40 : 19996 → 204.155.29.56 : 45304
a.b.c.40 is the internal (LAN) IP of my Asterisk PBX; e.f.g.169 is the IP address of my iPhone (as provided by ATT) and 204.155.29.56 is a SipGate IP (which acts as the relay).... as you can see the firewall still drops packets.
I read countless of articles and it looks like I am doing this right and yet...
I have an Asterisk PBX I've set up on my D-Link DNS323; it worked just fine from inside and outside my LAN when I was using my Netgear WNR300 router with Tomato.
The server uses UDP port 7363 for SIP Signaling (5060 was not secure... as was proven by some Lithuanian buttmunch) and UDP port range 19980-20000 for RTP traffic (two phones on the PBX... don't need anything else really). The server registers to SipGate.com which is done without a problem.
Here's what I've done so far:
1. I've created a service called DNS SIP which defines UDP port 7363 as the destination port for SIP signaling:
2. I've created a service called DNS RTP which defines UDP port range 19980:20000 as destination ports for RTP:
3. I've created a DNAT rule to allow external IP's to connect to the PBX using port 7363 for SIP signaling; this is a 1-1 translation. the "Destination" is configured to be the DNS323 device which is statically mapped to a.b.c.40 on my LAN:
4. I've created a DNAT rule to allow external IP's to connect to the PBX using ports 19980-20000 for RTP; this is also a 1-1 (well 20-20 lol) translation.
Both these DNAT rules are "enabled" meaning the green light is lit.
Here's what's happening:
From outside my LAN, the SIP phone app on my iPhone successfully registers with my Asterisk server. However, when I place a call, I get no RTP - it will ring the destination which I can pick up but there's no voice transfer. Soon after the call will just drop.
From inside my LAN it's basically the same story - my "phone" will connect to the PBX, the PBX will attempt to connect to the destination which rings and I can pick up, however about 5 seconds in, the call drops and while I have the call progressing there will be no RTP.
My only conclusion is that my port forwarding is flawed.
I did a live log and this is what I see when I try to do a call using the SIP phone app on my iPhone while it is outside my LAN (using ATT's 3G network):
23:35:44 Default DROP UDP
a.b.c.40 : 19994 → e.f.g.169 : 64598
23:35:44 Default DROP UDP
a.b.c.40 : 19994 → e.f.g.169 : 64598
23:35:44 Default DROP UDP
a.b.c.40 : 19994 → e.f.g.169 : 64598
23:35:48 Default DROP UDP
a.b.c.40 : 19996 → 204.155.29.56 : 45304
23:35:48 Default DROP UDP
a.b.c.40 : 19996 → 204.155.29.56 : 45304
a.b.c.40 is the internal (LAN) IP of my Asterisk PBX; e.f.g.169 is the IP address of my iPhone (as provided by ATT) and 204.155.29.56 is a SipGate IP (which acts as the relay).... as you can see the firewall still drops packets.
I read countless of articles and it looks like I am doing this right and yet...
