[Freeswitch-users] How to disable 5060-5080 with auto-nat at upnp?

Rupa Schomaker rupa at rupa.com
Tue Jan 11 19:34:33 MSK 2011


Well, there is no "the RTP port" -- there is a range which is quite
large by default.

I mean setup a rule to block the port, not point it somewhere else.
Though I guess you could point it to a black hole (IP that is never
assigned).

Why/how * works, I dunno.  Maybe someone else can answer that
question.  I don't see how to handle RTP data properly through a
firewall without support for portmapping initiated by FS (using upnp
or nat-pmp) or having a SIP ALG running on the firewall.

On Tue, Jan 11, 2011 at 10:26 AM, Alex Wang <hadyn_whx at hotmail.com> wrote:
> Hi Rupa
>
> Do you mean create a port map on the router to map to other ip instead
> of FS?
>
> update: That seems working. But do you think I can just turn off the
> auto-nat and map the rtp port out to get it working? Which way is the
> best? In the asterisk, I don't even need turn on upnp and don't need to
> map the port and it works fine behind the router, even those ATAs,
> normally you don't need to map any port on the router and they just
> register from isp and works fine with router(non UPNP & UPNP), why FS
> need do those extra step? I try to find the answer in the WiKi but cant
> find the explaination for that.
>
> Thanks
>
> Alex
>
>
> On Tue, 11 Jan 2011 09:09:46 -0600
> Rupa Schomaker <rupa at rupa.com> wrote:
>
>> Hmmm...  I didn't put anything in the nat_map code to allow some parts
>> of the sofia profile to participate in the nat mapping while others do
>> not.
>>
>> Brian, do you have any ideas?
>>
>> Alex, I'd suggest just blocking ports 5060-5080 on the firewall.  The
>> port blocking *should* take precedence over the upnp maps.
>>
>> On Mon, Jan 10, 2011 at 10:17 PM, Alex Wang <hadyn_whx at hotmail.com> wrote:
>> > Hi All
>> >
>> > Just don't want to open these port to the public, all my extensions are
>> > in my LAN. If I disable upnp, the outside sip register is not working, I
>> > mean no sound.
>> > How to disable the auto-nat publish 5060-5080 on the internet?
>> >
>> >
>> > Thanks
>> >
>> > Alex
>> >
>> >
>> >
>> > _______________________________________________
>> > FreeSWITCH-users mailing list
>> > FreeSWITCH-users at lists.freeswitch.org
>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> > http://www.freeswitch.org
>> >
>>
>>
>>
>> --
>> -Rupa
>>
>> _______________________________________________
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
>
>
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 
-Rupa



More information about the FreeSWITCH-users mailing list