[WXC/VFX] VFX NAT issues - unable to receive incoming calls

Forums › One NZ (including Farmside) › [WXC/VFX] VFX NAT issues - unable to receive incoming calls

xcubed

195 posts

Master Geek
+1 received by user: 17

ID Verified

Lifetime subscriber

#17682 6-Dec-2007 23:54

Hi guys,

Just got setup for VFX last week, so I've been following Tony's instructions to get Trixbox up and running (thanks Tony!), with both eyeBeam and my Linksys SPA942. So far, I've got outbound calls working perfectly.

Inbound calls are not working though. WxC give me the message "The party you have called is unavailable" or similar when calling in from outside. sip debug peer VFX shows no indication that anyone is trying to connect to the Trixbox.

I'm behind a Debian machine that has been built as a NATing firewall using iptables. Due to the fact that RTP seems to choose a random port, I've added a single rule that should do DNAT PREROUTING for any UDP packets destined for ports 5000 through 32000 that arrive from as.wxcnz.net, to send them to Trixbox, as follows:

# Generated by iptables-save v1.2.11 on Thu Dec 6 23:41:44 2007
*nat
:PREROUTING ACCEPT [99316:6534542]
:POSTROUTING ACCEPT [2595:300942]
:OUTPUT ACCEPT [4868:469657]
-A PREROUTING -s 58.28.20.150 -i eth1 -p udp -m udp --dport 5000:32000 -j DNAT --to-destination 192.168.2.205
-A POSTROUTING -o eth1 -j SNAT --to-source 121.73.xxx.xxx
COMMIT
# Completed on Thu Dec 6 23:41:44 2007

eth0 is internal LAN, eth1 is connected to Telstra cable modem, 192.168.2.205 is the Trixbox server.

Any ideas what I've screwed up?
How are you guys dealing with NAT on VFX?

Thanks,
Carey

joshp

205 posts

Master Geek
+1 received by user: 1

Trusted

WorldxChange

#98745 7-Dec-2007 14:06

Are you seeing the packets leaving the firewall? if they aren't leaving the firewall it would tend to suggest perhaps your firewall rules are blocking the traffic.. i'm by no means an iptables ninja so i can't give you much of a pointer on what you already have.. i suspect most people are reliant on their routers to handle NAT for them..

I would start with ensuring the packets are getting to my firewall.. use something like ngrep -d eth1 port 5060 and host 58.28.20.150 to check this.. then see if any packets are being sent to your Asterisk box.. ngrep -d eth0 port 5060 and host 192.168.2.105 do both of these commands your your debian box.. i'm sure there are others out there that might be able to help with your iptables rules..

Hope this helps all the same..

Cheers

Josh

http://wxc.co.nz

xcubed

195 posts

Master Geek
+1 received by user: 17

ID Verified

Lifetime subscriber

#98751 7-Dec-2007 14:31

Thanks Josh, I'll give that a go...

maverick

3594 posts

Uber Geek
+1 received by user: 80

Trusted

WorldxChange

#98760 7-Dec-2007 15:19

Actually we just took a look at this, I think you have a small error in your config , your are actually sending the wrong contact header its missinga 1 from the phone number (highlighted in Bold) the From and TO headers are correct (highlighted in Red) your contact is not

REGISTER sip:as.wxcnz.net SIP/2.0
Via: SIP/2.0/UDP 192.168.2.205:5060;branch=z9hG4bK35aa5ab0;rport
From: <sip:xx741100x@as.wxcnz.net>;tag=as2f0bd509
To: <sip:xx41100x@as.wxcnz.net>
Call-ID: 18b530a72696621c623e9bf448138ae6@127.0.0.1
CSeq: 341 REGISTER
User-Agent: Asterisk PBX
Max-Forwards: 70
Expires: 120
Contact: <sip:xx4100x@192.168.2.205>
Event: registration
Content-Length: 0

Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well

https://www.facebook.com/wxccommunications

xcubed

195 posts

Master Geek
+1 received by user: 17

ID Verified

Lifetime subscriber

#98781 7-Dec-2007 16:49

Thanks guys. I've fixed my REGISTER string now to get rid of the typo at the end, so the Contact header appears to be being sent correctly. I am a little concerned that it is sending you the private address (192.168.2.205), because you guys need the public address to be able to send the incoming calls in my direction don't you?

I used ngrep to get the typo sorted, but it doesn't show any activity when I dial in from an outside number, so I assume it's because of the private IP in the Contact header. Anybody know how I can fix this up?

maverick

3594 posts

Uber Geek
+1 received by user: 80

Trusted

WorldxChange

#98786 7-Dec-2007 17:14

xcubed: Thanks guys. I've fixed my REGISTER string now to get rid of the typo at the end, so the Contact header appears to be being sent correctly. I am a little concerned that it is sending you the private address (192.168.2.205), because you guys need the public address to be able to send the incoming calls in my direction don't you?

I used ngrep to get the typo sorted, but it doesn't show any activity when I dial in from an outside number, so I assume it's because of the private IP in the Contact header. Anybody know how I can fix this up?

Your Public Address is fine, just a little bit of natting magic, it was not shown in the trace I sent you for obvious reasons

, I will need to reset your connection as it is still registered under the old one, this is now done and you reregistered correctly and SIP traffic is going to your Box now

ps. you may want to remove the G723 codec from your Codec List, support Codecs are
G729, G711U and A

Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well

https://www.facebook.com/wxccommunications

xcubed

195 posts

Master Geek
+1 received by user: 17

ID Verified

Lifetime subscriber

#98841 8-Dec-2007 01:16

Beautiful guys! I'm all good to go now. Thanks so much for your help, both of you. This is why Xnet rocks, such wonderful help even for products you don't officially support.

And I'll fix up the codec list now...

Carey