VoIP Mailing List Archives

[daldworth at teliax.com]

No love. They set extern ip so the IP comes through correctly, but the acl did not seem to have any affect. We are still sending to the wrong port. Sip trace, acl.conf.xml and sip profile are below:

U 2008/11/06 10:46:01.924795 70.88.65.1:50085 -> 70.42.223.23:5060
SIP/2.0 100 Trying.
Via: SIP/2.0/UDP 70.42.223.23;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
From: "TELIAX FAX" <sip:303825XXXX@70.42.223.23>;tag=armgX7QeNQ94N.
To: <sip:317376XXXX@70.88.65.1:50085>.
Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
CSeq: 106878444 INVITE.
User-Agent: Asterisk PBX.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
Contact: <sip:317376XXXX@70.88.65.1>.
Content-Length: 0.
.


U 2008/11/06 10:46:01.931791 70.88.65.1:50085 -> 70.42.223.23:5060
SIP/2.0 180 Ringing.
Via: SIP/2.0/UDP 70.42.223.23;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
From: "TELIAX FAX" <sip:303825XXXX@70.42.223.23>;tag=armgX7QeNQ94N.
To: <sip:317376XXXX@70.88.65.1:50085>;tag=as78a21a0c.
Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
CSeq: 106878444 INVITE.
User-Agent: Asterisk PBX.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
Contact: <sip:317376XXXX@70.88.65.1>.
Content-Length: 0.
.


U 2008/11/06 10:46:01.932294 70.88.65.1:50085 -> 70.42.223.23:5060
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 70.42.223.23;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
From: "TELIAX FAX" <sip:303825XXXX@70.42.223.23>;tag=armgX7QeNQ94N.
To: <sip:317376XXXX@70.88.65.1:50085>;tag=as78a21a0c.
Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
CSeq: 106878444 INVITE.
User-Agent: Asterisk PBX.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
Contact: <sip:317376XXXX@70.88.65.1>.
Content-Type: application/sdp.
Content-Length: 257.
.
v=0.
o=root 2901 2901 IN IP4 70.88.65.1.
s=session.
c=IN IP4 70.88.65.1.
t=0 0.
m=audio 19378 RTP/AVP 0 8 3 101.
a=rtpmap:0 PCMU/8000.
a=rtpmap:8 PCMA/8000.
a=rtpmap:3 GSM/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.


U 2008/11/06 10:46:01.932694 70.42.223.23:5060 -> 70.88.65.1:5060
ACK sip:317376XXXX@70.88.65.1 SIP/2.0.
Via: SIP/2.0/UDP 70.42.223.23;rport;branch=z9hG4bKvgXZ279c41Xcc.
Max-Forwards: 70.
From: "TELIAX FAX" <sip:303825XXXX@70.42.223.23>;tag=armgX7QeNQ94N.
To: <sip:317376XXXX@70.88.65.1:50085>;tag=as78a21a0c.
Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
CSeq: 106878444 ACK.
Contact: <[url=sip:mod_sofia@70.42.223.23:5060]sip:mod_sofia@70.42.223.23:5060[/url]>.
Content-Length: 0.




Here is the acl:


<configuration name="acl.conf" description="Network Lists">
<network-lists>
<list name="dl-candidates" default="allow">
<node type="deny" cidr="10.0.0.0/8"/>
<node type="deny" cidr="172.16.0.0/12"/>
<node type="deny" cidr="192.168.0.0/16"/>
</list>
<list name="rfc1918" default="deny">
<node type="allow" cidr="10.0.0.0/8"/>
<node type="allow" cidr="172.16.0.0/12"/>
<node type="allow" cidr="192.168.0.0/16"/>
</list>
<list name="lan" default="allow">
<node type="deny" cidr="192.168.42.0/24"/>
<node type="allow" cidr="192.168.42.42/32"/>
</list>
<list name="strict" default="deny">
<node type="allow" cidr="208.102.123.124/32"/>
</list>
<list name="domains" default="deny">
<node type="allow" domain="$${domain}"/>
</list>
<list name="nat" default="allow">
<node type="allow" cidr="0.0.0.0/0"/>
</list>
</network-lists>
</configuration>




And here is the sip profile:


<profile name="external">


<gateways>
<X-PRE-PROCESS cmd="include" data="external/*.xml"/>
</gateways>

<domains>
<domain name="$${domain}" parse="true"/>
</domains>


<settings>
<param name="debug" value="0"/>
<param name="sip-trace" value="no"/>
<param name="rfc2833-pt" value="101"/>
<param name="sip-port" value="5060"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="100"/>
<param name="codec-prefs" value="$${outbound_codec_prefs}"/>
<param name="hold-music" value="$${hold_music}"/>
<param name="use-rtp-timer" value="true"/>
<param name="rtp-timer-name" value="soft"/>
<param name="multiple-registrations" value="true"/>
<param name="manage-presence" value="true"/>
<param name="aggressive-nat-detection" value="true"/>
<param name="NDLB-force-rport" value="true"/>
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="true"/>
<param name="rtp-timeout-sec" value="1800"/>
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
<param name="ext-sip-ip" value="$${external_sip_ip}"/>
<param name="rtp-timeout-sec" value="300"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<param name="apply-nat-acl" value="nat"/>
</settings>
</profile>

















On Nov 6, 2008, at 8:37 AM, Anthony Minessale wrote:

[anthony.minessale at g...]

This is svn trunk? There is no reason this should not work. it happens all the time where this setting breaks it for people going the other way when they don't want it to happen.

If you can't get it working we can probably configure it for you.



On Thu, Nov 6, 2008 at 11:55 AM, David Aldworth <daldworth@teliax.com (daldworth@teliax.com)> wrote:

[daldworth at teliax.com]

Anthony. Did you want to log in and check it out?

I can send you the files if you think it's something else.


David

On Nov 6, 2008, at 12:38 PM, Anthony Minessale wrote: