 
 From:  Guido Quiram <guido at quiram dot org>
 To:  g7ltt at g7ltt dot com
 Cc:  Holger Bauer <Holger dot Bauer at citec dash ag dot de>, Carsten Holbach <Carsten dot Holbach at gmx dot de>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Port still get's blocked while allowed by firewallrule
 Date:  Wed, 26 Apr 2006 11:05:19 +0200
> Are we using an Asterisk server here?
>
Thanks Sir; you solved the problem ;-) Best regards, Guido

> If so why are you not using "canreinvite=no" on the phones? This way you
> can force the Asterisk server to manage the whole call SIP, RTP etc as
> well as any transcoding that might be needed. You'll then eliminate the
> need to have NAT going to all of your handsets which won't work anyway.
>
> On Tue, 2006-04-25 at 11:08 +0200, Holger Bauer wrote:
> > That is not possible. NAT can't work that way (forwarding the same range of
> > the same public IP to different internal IPs). If your SIP Provider offers a
> > STUN Server try using this one. It should help with NAT-Traversal without the
> > need for portforwards or NATs.
> >
> > If you only add a firewall rule without adding NAT it won't work for
> > internal IPs (unless you route traffic, which you don't do and which is not
> > possible with your setup).
> >
> > Holger
> >
> > > -----Original Message-----
> > > From: Guido Quiram [mailto:guido at quiram dot org]
> > > Sent: Tuesday, April 25, 2006 11:03 AM
> > > To: Carsten Holbach; m0n0wall at lists dot m0n0 dot ch
> > > Subject: Re: [m0n0wall] Port still get's blocked while allowed by
> > > firewallrule
> > >
> > >
> > >  > Heya
> > >  >
> > >  > Did you set up incoming NAT for that?
> > >
> > > Nope, haven't as I have various internal SIP clients that use the port
> > > range UDP 11000 to 11009. Therefore I cannot set up incoming NAT to only
> > > one internal client.
> > >
> > > Basically I want to allow incoming UDP traffic on ports 11000 to 11009 to
> > > any internal device (maybe limiting to a couple of external IP
> > > addresses of the VoIP providers).
> > >
> > > Any idea? Thanks much so far and best regards, Guido
> > >
> > >
> > >
> > > Guido Quiram wrote:
> > >  > Hi,
> > >  >
> > >  > sorry in case my prob has been already discussed for a thousand
> > >  > times... I searched the archive, but can't find a direct solution.
> > >  >
> > >  > I have an active firewall rule allowing all UDP to come in from any
> > >  > IP and any port to reach the "LAN net" on ports 11000 - 11009 (RTP for
> > >  > VoIP).
> > >  >
> > >  > However, my log tells me the following was blocked:
> > >  > If  Source                      Destination     Proto
> > >  > WAN provideripaddress.ch:37490  myip.ch:11002      UDP
> > >  >
> > >  > What's wrong?
> > >  >
> > >  > Thanks much,
> > >  >
> > >  >
> > >  > Guido
> > >  >
> > >  >
> > > ---------------------------------------------------------------------
> > >  > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > >  > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > >  >
> > >  >
> > >
> >
>
>
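The two points from Holger's reply quoted above, modelled as an added example (not part of the original thread and not m0n0wall code): a pass rule for "LAN net" never matches a packet still addressed to the WAN IP, and one public port range cannot be forwarded to two internal hosts. The addresses are constructed, the function names are hypothetical, and the model assumes inbound NAT is applied before the filter rule is evaluated.

```python
import ipaddress

# Constructed sample addressing (documentation and private ranges).
WAN_IP = ipaddress.ip_address("203.0.113.10")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
RTP_PORTS = range(11000, 11010)  # UDP 11000-11009, as in the thread


def build_nat(forwards):
    """Build an inbound NAT table {wan_port: internal_ip}.

    forwards is a list of (first_port, last_port, internal_ip).
    A WAN port can map to one internal host only, so a second
    forward for the same port to another host is rejected.
    """
    table = {}
    for first, last, target in forwards:
        target = ipaddress.ip_address(target)
        for port in range(first, last + 1):
            if port in table and table[port] != target:
                raise ValueError(
                    f"port {port} already forwarded to {table[port]}")
            table[port] = target
    return table


def inbound(dst_ip, dst_port, nat_table):
    """Evaluate one inbound UDP packet arriving on WAN.

    Returns ("pass", final_destination) or ("block", destination).
    """
    dst = ipaddress.ip_address(dst_ip)
    # Step 1: inbound NAT rewrites the destination if a forward exists.
    if dst == WAN_IP and dst_port in nat_table:
        dst = nat_table[dst_port]
    # Step 2: the rule from the thread: allow UDP to "LAN net" 11000-11009.
    if dst in LAN_NET and dst_port in RTP_PORTS:
        return ("pass", str(dst))
    return ("block", str(dst))


if __name__ == "__main__":
    # The logged packet: addressed to the WAN IP, no NAT entry, so blocked.
    print(inbound("203.0.113.10", 11002, {}))
    # With a forward to a single internal host the same rule matches.
    nat = build_nat([(11000, 11009, "192.168.1.20")])
    print(inbound("203.0.113.10", 11002, nat))
```
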