[Freeswitch-users] firewall and nat
kriko
kristjan.ugrin at gmail.com
Thu Jan 8 02:58:33 PST 2009
Thanks for all suggestions. Ufortunately I cannot get it working.
Seems like packets are not coming to phone behind nat (freeswitch is on public ip).
When registering I can see multiple notify retries like this:
send 802 bytes to udp/[10.99.10.6]:5060 at 10:49:31.762605:
------------------------------------------------------------------------
NOTIFY sip:1003 at 10.99.10.6;transport=UDP SIP/2.0
Via: SIP/2.0/UDP 212.235.180.41:5080;rport;branch=z9hG4bKtNStS2gtr8DNr
Max-Forwards: 70
From: <sip:1003 at 212.235.180.41>;tag=veSr4DmgmFHjr
To: <sip:1003 at 212.235.180.41>
Call-ID: cec2b00b-5814-122c-f981-000fea488302
CSeq: 109587536 NOTIFY
Contact: <sip:mod_sofia at 212.235.180.41:5080>
User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-10924M
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE, REGISTER, INFO
Supported: timer, precondition, path, replaces
Event: message-summary
Allow-Events: talk, refer
Subscription-State: terminated;timeout
Content-Type: application/simple-message-summary
Content-Length: 93
Messages-Waiting: yes
Message-Account: sip:1003 at 212.235.180.41
Voice-Message: 3/0 (0/0)
I've opened necessary ports and I've defined custom rtp port range (which goes trough).
Does nat should really just work if you register on external profile via port 5080? This is
what I'm doing now.
The phone on lan is a nokia N95 configured like described here (using port 5080):
http://wiki.freeswitch.org/wiki/Nokia_N95
Phone shows registered message, but it takes like a half minute to register, when I'm on home network this happens in a second.
On Wed, 07 Jan 2009 12:39:45 +0100, Peter P GMX <Prometheus001 at gmx.net> wrote:
> Generally speaking you will need to open an UPD port range for the RTP
> stream. This can be configured on FS. Eg. we use 12000-13000 on our
> system.
> Then If you do not hear any sound you may put
>
> <param name="ext-rtp-ip" value="stun:stun.freeswitch.org"/>
>
> in your external and internal profile, if FS is natted.
>
> Best regards
> Peter
>
>
> kriko schrieb:
>> Hello!
>>
>> Yesterday I've successfully placed a call between two different domains:
>> originate sofia/default/1003 at 10.99.8.221
>> &bridge(sofia/gateway/212.235.180.41/1001)
>>
>> I didn't hear any audio, but it was kinda working. Today I investigated
>> this more deep and found some issues.
>> FS with 212.235.180.41 is a public computer with firewall, but open TCP
>> and UDP 5060, 5080 ports. Freeswitch on this machine
>> uses default configuration.
>>
>> FS with 10.99.8.221 is a lan computer in a different place, this is
>> where I would like to start a call, the other way would
>> be probably too much difficult for now. I've added a gateway entry to
>> this one:
>> http://pastebin.com/m2174ead
>>
>> Calling from 10.99.8.221 (for e.g. using softphone at ext. 1003) to
>> 212.235.180.41 (ext. 1001 for e.g.) works. Both end
>> answers, however I cannot hear audio coming trough. When testing I'm at
>> the computer which is behind a lan, so I'm
>> capturing music as audio source on the other side.
>>
>> Are there any other ports I should open on public computer?
>> With wireshark on the computer behind a lan, I can see RTP going away
>> to 212.235.180.41, but not the other way.
>>
>> There are also issues when e.g. terminating a call on public computer,
>> fs on the other end will never terminate the call since
>> SIP messages cannot reach the computer behind lan I guess, but this is
>> second problem.
>>
>>
>>
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
--
kriko
More information about the FreeSWITCH-users
mailing list