[Freeswitch-users] firewall and nat

Jason White jason at jasonjgw.net
Wed Jan 7 01:52:17 PST 2009


kriko <kristjan.ugrin at gmail.com> wrote:
  
> Are there any other ports I should open on public computer?  With wireshark
> on the computer behind a lan, I can see RTP going away to 212.235.180.41,
> but not the other way.

Maybe the NAT device between the two machines is blocking the rtp traffic. Can
you configure the NAT device to forward incoming rtp to the correct
destination on the LAN?

If you capture packets on the machine with the public IP address and it shows
the RTP traffic being sent, this is evidence that the NAT device in between is
causing your problems

Have a look also at the wiki pages related to NAT.
>  
> There are also issues when e.g. terminating a call on public computer, fs on
> the other end will never terminate the call since SIP messages cannot reach
> the computer behind lan I guess, but this is second problem.

This is fixed by having SIP packets (port 6080 in the default external
profile) forwarded properly by the NAT device to the machine on the LAN.

In my router's configuration:
ip nat source static udp 192.168.0.2 5080 interface Dialer1 5080

I don't need to worry about the RTP ports because IP inspection is enabled,
and it seems to handle everything.





More information about the FreeSWITCH-users mailing list