rgm at htt-consult.com Guest
|
Posted: Fri Jan 04, 2008 10:28 am Post subject: [asterisk-users] 2 firewalls, different INVITES |
|
|
I have a SIP trunk to Broadvoice. My Asterisk box (1.4.13) is on public
addresses behind a firewall.
Originally it was behind a Linksys WRT54G running sveasoft. Sveasoft
really can't NOT do NAT even when you turn it off. My Asterisk box is
defined as the DMZ box to Sveasoft and it seemed like it was leaving all
packets alone. Now I switch to a Centos-based firewall configured with
Shorewall (which only compiles Netfilter commands then steps out of
Netfilter's way). There is NO hint of NATing on the Shorewall firewall.
Calls from Boradvoice to my Asterisk box worked just fine with the
Sveasoft firewall but fail with the Shorewall. And the problem is in
the INVITE where in the first case there is and SDP to use a different
address (than Broadvoice's SIP server) for the RTP flow, but that is not
in the INVITE with the Shorewall firewall. I have attached Wireshark
traces of the 2 INVITEs.
What am I missing that is causing this behaviour?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Itfails
Type: application/octet-stream
Size: 745 bytes
Desc: not available
Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20080104/4b69b924/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: itworks
Type: application/octet-stream
Size: 744 bytes
Desc: not available
Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20080104/4b69b924/attachment-0001.obj |
|