[Freeswitch-users] firewall and nat


 
kristjan.ugrin at gmai...
Posted: Wed Jan 07, 2009 4:36 am

Hello!

Yesterday I've successfully placed a call between two different domains:
originate sofia/default/1003@10.99.8.221 &bridge(sofia/gateway/212.235.180.41/1001)

I didn't hear any audio, but it was kinda working. Today I investigated this more deeply and found some issues.
FS with 212.235.180.41 is a public computer with a firewall, but with TCP and UDP ports 5060 and 5080 open. Freeswitch on this machine uses the default configuration.

FS with 10.99.8.221 is a LAN computer in a different place; this is where I would like to start a call, the other way would probably be too difficult for now. I've added a gateway entry to this one:
http://pastebin.com/m2174ead

Calling from 10.99.8.221 (e.g. using a softphone at ext. 1003) to 212.235.180.41 (e.g. ext. 1001) works. Both ends answer, however I cannot hear audio coming through. When testing I'm at the computer which is behind a LAN, so I'm capturing music as the audio source on the other side.

Are there any other ports I should open on the public computer?
With wireshark on the computer behind a LAN, I can see RTP going away to 212.235.180.41, but not the other way.

There are also issues when e.g. terminating a call on the public computer: FS on the other end will never terminate the call since SIP messages cannot reach the computer behind the LAN I guess, but this is a second problem.


--
kriko


_______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
jason at jasonjgw.net
Posted: Wed Jan 07, 2009 4:58 am

kriko <kristjan.ugrin@gmail.com> wrote:

Quote:
Are there any other ports I should open on public computer? With wireshark
on the computer behind a lan, I can see RTP going away to 212.235.180.41,
but not the other way.

Maybe the NAT device between the two machines is blocking the rtp traffic. Can
you configure the NAT device to forward incoming rtp to the correct
destination on the LAN?

If you capture packets on the machine with the public IP address and it shows
the RTP traffic being sent, this is evidence that the NAT device in between is
causing your problems.

Have a look also at the wiki pages related to NAT.

Quote:
There are also issues when e.g. terminating a call on public computer, fs on
the other end will never terminate the call since SIP messages cannot reach
the computer behind lan I guess, but this is second problem.

This is fixed by having SIP packets (port 6080 in the default external
profile) forwarded properly by the NAT device to the machine on the LAN.

In my router's configuration:
ip nat source static udp 192.168.0.2 5080 interface Dialer1 5080

I don't need to worry about the RTP ports because IP inspection is enabled,
and it seems to handle everything.


Prometheus001 at gmx.net
Posted: Wed Jan 07, 2009 6:42 am

Generally speaking you will need to open a UDP port range for the RTP
stream. This can be configured on FS. E.g. we use 12000-13000 on our system.
Then if you do not hear any sound you may put

<param name="ext-rtp-ip" value="stun:stun.freeswitch.org"/>

in your external and internal profile, if FS is natted.

Best regards
Peter


kristjan.ugrin at gmai...
Posted: Thu Jan 08, 2009 5:59 am

Thanks for all suggestions. Unfortunately I cannot get it working.
Seems like packets are not coming to phone behind nat (freeswitch is on public ip).

When registering I can see multiple notify retries like this:

send 802 bytes to udp/[10.99.10.6]:5060 at 10:49:31.762605:
------------------------------------------------------------------------
NOTIFY sip:1003@10.99.10.6;transport=UDP SIP/2.0
Via: SIP/2.0/UDP 212.235.180.41:5080;rport;branch=z9hG4bKtNStS2gtr8DNr
Max-Forwards: 70
From: <sip:1003@212.235.180.41>;tag=veSr4DmgmFHjr
To: <sip:1003@212.235.180.41>
Call-ID: cec2b00b-5814-122c-f981-000fea488302
CSeq: 109587536 NOTIFY
Contact: <sip:mod_sofia@212.235.180.41:5080>
User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10924M
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE, REGISTER, INFO
Supported: timer, precondition, path, replaces
Event: message-summary
Allow-Events: talk, refer
Subscription-State: terminated;timeout
Content-Type: application/simple-message-summary
Content-Length: 93

Messages-Waiting: yes
Message-Account: sip:1003@212.235.180.41
Voice-Message: 3/0 (0/0)


I've opened the necessary ports and I've defined a custom RTP port range (which goes through).
Should NAT really just work if you register on the external profile via port 5080? This is
what I'm doing now.
The phone on lan is a nokia N95 configured like described here (using port 5080):
http://wiki.freeswitch.org/wiki/Nokia_N95

Phone shows registered message, but it takes like a half minute to register, when I'm on home network this happens in a second.


--
kriko
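
The NOTIFY trace in the last post is sent from the public address 212.235.180.41 to 10.99.10.6, a private address the public server cannot route to, which is consistent with the retries described. The following is an added example, not part of the original thread or of FreeSWITCH: a small checker that flags this pattern in a trace block of the format shown above. The function names `is_rfc1918` and `diagnose` are hypothetical, and the sample input is constructed from the leading lines of the quoted trace.

```python
import ipaddress
import re

# RFC 1918 ranges: a host on the public Internet has no route to these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Patterns for the trace layout shown in the post (transport/[ip]:port).
SEND_RE = re.compile(r"^send \d+ bytes to \w+/\[([^\]]+)\]:(\d+)", re.M)
VIA_RE = re.compile(r"^Via:\s*SIP/2\.0/\w+\s+([^\s;:]+)", re.M | re.I)
RURI_RE = re.compile(r"^[A-Z]+ sips?:(?:[^@\s]+@)?([^\s;:>]+)", re.M)

# Constructed sample: leading lines of the NOTIFY trace quoted in the post.
TRACE = """\
send 802 bytes to udp/[10.99.10.6]:5060 at 10:49:31.762605:
------------------------------------------------------------------------
NOTIFY sip:1003@10.99.10.6;transport=UDP SIP/2.0
Via: SIP/2.0/UDP 212.235.180.41:5080;rport;branch=z9hG4bKtNStS2gtr8DNr
Contact: <sip:mod_sofia@212.235.180.41:5080>
"""

def is_rfc1918(host):
    """True if host is a literal IP inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not an IP literal
    return any(addr in net for net in RFC1918)

def diagnose(trace):
    """Report whether a public sender is addressing a private contact."""
    send, via, ruri = (r.search(trace) for r in (SEND_RE, VIA_RE, RURI_RE))
    if not (send and via and ruri):
        raise ValueError("not a 'send ... bytes to' trace block")
    dest, sender, target = send.group(1), via.group(1), ruri.group(1)
    return {
        "dest": dest,
        "via": sender,
        "request_uri_host": target,
        # Public Via host + private destination: the request cannot arrive.
        "nat_problem": not is_rfc1918(sender)
                       and (is_rfc1918(dest) or is_rfc1918(target)),
    }

if __name__ == "__main__":
    print(diagnose(TRACE))
```

A `nat_problem` of `True` means the server is using the address the phone advertised from inside its LAN rather than the public source address of the NAT device in front of it.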


