 From:  Mark Phillips <g7ltt at g7ltt dot com>
 To:  Holger Bauer <Holger dot Bauer at citec dash ag dot de>
 Cc:  Carsten Holbach <Carsten dot Holbach at gmx dot de>, Guido Quiram <guido at quiram dot org>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Port still get's blocked while allowed by firewallrule
 Date:  Tue, 25 Apr 2006 19:43:31 -0400
Are we using an Asterisk server here? 

If so, why are you not using "canreinvite=no" on the phones? This way you
can force the Asterisk server to manage the whole call (SIP, RTP, etc.) as
well as any transcoding that might be needed. You'll then eliminate the
need to have NAT going to all of your handsets, which won't work anyway.

On Tue, 2006-04-25 at 11:08 +0200, Holger Bauer wrote:
> That is not possible. NAT can't work that way (forwarding the same range of the same public IP to
> different internal IPs). If your SIP provider offers a STUN server, try using this one. It should
> help with NAT traversal without the need for port forwards or NATs.
> 
> If you only add a firewall rule without adding NAT, it won't work for internal IPs (unless you
> route traffic, which you don't do and which is not possible with your setup).
> 
> Holger
> 
> > -----Original Message-----
> > From: Guido Quiram [mailto:guido at quiram dot org]
> > Sent: Tuesday, April 25, 2006 11:03 AM
> > To: Carsten Holbach; m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] Port still get's blocked while allowed by
> > firewallrule
> > 
> > 
> >  > Heya
> >  >
> >  > Did you set up incoming NAT for that?
> > 
> > Nope, haven't, as I have various internal SIP clients that use the port
> > range UDP 11000 to 11009. Therefore I cannot set up incoming NAT to only
> > one internal client.
> > 
> > Basically I want to allow incoming UDP traffic on ports 11000 to 11009 to
> > any internal device (maybe limiting it to a couple of external IP
> > addresses of the VoIP providers).
> > 
> > Any idea? Thanks much so far and best regards, Guido
> > 
> > 
> > 
> > Guido Quiram wrote:
> >  > Hi,
> >  >
> >  > sorry in case my problem has already been discussed a thousand
> >  > times... I searched the archive, but can't find a direct solution.
> >  >
> >  > I have an active firewall rule allowing all UDP to come in from any
> >  > IP and any port to reach the "LAN net" on ports 11000 - 11009 (RTP for
> >  > VoIP).
> >  >
> >  > However, my log tells me the following was blocked:
> >  > If  Source                      Destination     Proto
> >  > WAN provideripaddress.ch:37490  myip.ch:11002      UDP
> >  >
> >  > What's wrong?
> >  >
> >  > Thanks much,
> >  >
> >  >
> >  > Guido
> >  >
> >  > 
> > ---------------------------------------------------------------------
> >  > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >  > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >  >
> >  >
> > 