Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




171 posts

Master Geek


# 17682 6-Dec-2007 23:54
Send private message

Hi guys,

Just got setup for VFX last week, so I've been following Tony's instructions to get Trixbox up and running (thanks Tony!), with both eyeBeam and my Linksys SPA942. So far, I've got outbound calls working perfectly.

Inbound calls are not working though. WxC give me the message "The party you have called is unavailable" or similar when calling in from outside. sip debug peer VFX shows no indication that anyone is trying to connect to the Trixbox.

I'm behind a Debian machine that has been built as a NATing firewall using iptables. Due to the fact that RTP seems to choose a random port, I've added a single rule that should do DNAT PREROUTING for any UDP packets destined for ports 5000 through 32000 that arrive from as.wxcnz.net, to send them to Trixbox, as follows:

# Generated by iptables-save v1.2.11 on Thu Dec  6 23:41:44 2007
*nat
:PREROUTING ACCEPT [99316:6534542]
:POSTROUTING ACCEPT [2595:300942]
:OUTPUT ACCEPT [4868:469657]
-A PREROUTING -s 58.28.20.150 -i eth1 -p udp -m udp --dport 5000:32000 -j DNAT --to-destination 192.168.2.205
-A POSTROUTING -o eth1 -j SNAT --to-source 121.73.xxx.xxx
COMMIT
# Completed on Thu Dec  6 23:41:44 2007

eth0 is internal LAN, eth1 is connected to Telstra cable modem, 192.168.2.205 is the Trixbox server.

Any ideas what I've screwed up?
How are you guys dealing with NAT on VFX?

Thanks,
  Carey

Create new topic
205 posts

Master Geek

Trusted
WorldxChange

  # 98745 7-Dec-2007 14:06
Send private message

Are you seeing the packets leaving the firewall? if they aren't leaving the firewall it would tend to suggest perhaps your firewall rules are blocking the traffic.. i'm by no means an iptables ninja so i can't give you much of a pointer on what you already have.. i suspect most people are reliant on their routers to handle NAT for them..

I would start with ensuring the packets are getting to my firewall.. use something like ngrep -d eth1 port 5060 and host 58.28.20.150 to check this.. then see if any packets are being sent to your Asterisk box.. ngrep -d eth0 port 5060 and host 192.168.2.105 do both of these commands your your debian box.. i'm sure there are others out there that might be able to help with your iptables rules..

Hope this helps all the same..

Cheers

Josh






171 posts

Master Geek


  # 98751 7-Dec-2007 14:31
Send private message

Thanks Josh, I'll give that a go...

 
 
 
 


3594 posts

Uber Geek

Trusted
WorldxChange

  # 98760 7-Dec-2007 15:19
Send private message

Actually we just took a look at this, I think you have a small error in your config , your are actually sending the wrong contact header its missinga 1 from the phone number (highlighted in Bold) the From and  TO headers are correct (highlighted in Red) your contact is not


REGISTER sip:as.wxcnz.net SIP/2.0
Via: SIP/2.0/UDP 192.168.2.205:5060;branch=z9hG4bK35aa5ab0;rport
From: <sip:xx741100x@as.wxcnz.net>;tag=as2f0bd509
To: <sip:xx41100x@as.wxcnz.net>
Call-ID: 18b530a72696621c623e9bf448138ae6@127.0.0.1
CSeq: 341 REGISTER
User-Agent: Asterisk PBX
Max-Forwards: 70
Expires: 120
Contact: <sip:xx4100x@192.168.2.205>
Event: registration
Content-Length: 0




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications



171 posts

Master Geek


  # 98781 7-Dec-2007 16:49
Send private message

Thanks guys. I've fixed my REGISTER string now to get rid of the typo at the end, so the Contact header appears to be being sent correctly. I am a little concerned that it is sending you the private address (192.168.2.205), because you guys need the public address to be able to send the incoming calls in my direction don't you?

I used ngrep to get the typo sorted, but it doesn't show any activity when I dial in from an outside number, so I assume it's because of the private IP in the Contact header. Anybody know how I can fix this up?

3594 posts

Uber Geek

Trusted
WorldxChange

  # 98786 7-Dec-2007 17:14
Send private message

xcubed: Thanks guys. I've fixed my REGISTER string now to get rid of the typo at the end, so the Contact header appears to be being sent correctly. I am a little concerned that it is sending you the private address (192.168.2.205), because you guys need the public address to be able to send the incoming calls in my direction don't you?

I used ngrep to get the typo sorted, but it doesn't show any activity when I dial in from an outside number, so I assume it's because of the private IP in the Contact header. Anybody know how I can fix this up?



Your Public Address is fine, just a little bit of natting magic, it was not shown in the trace I sent you for obvious reasons Laughing , I will need to reset your connection as it is still registered under the old one, this is now done and you reregistered correctly and SIP traffic is going to your Box now


ps. you may want to remove the G723 codec from your Codec List, support Codecs are
G729, G711U and A Wink




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications



171 posts

Master Geek


# 98841 8-Dec-2007 01:16
Send private message

Beautiful guys! I'm all good to go now. Thanks so much for your help, both of you. This is why Xnet rocks, such wonderful help even for products you don't officially support. Smile

And I'll fix up the codec list now...

Carey

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

LG Electronics begins distributing the G8X THINQ
Posted 24-Oct-2019 10:58


Arlo unveils its first video doorbell
Posted 21-Oct-2019 08:27


New Zealand students shortlisted for James Dyson Award
Posted 21-Oct-2019 08:18


Norton LifeLock Launches Norton 360
Posted 21-Oct-2019 08:11


Microsoft New Zealand Partner Awards results
Posted 18-Oct-2019 10:18


Logitech introduces new Made for Google keyboard and mouse devices
Posted 16-Oct-2019 13:36


MATTR launches to accelerate decentralised identity
Posted 16-Oct-2019 10:28


Vodafone X-Squad powers up for customers
Posted 16-Oct-2019 08:15


D Link ANZ launches EXO Smart Mesh Wi Fi Routers with McAfee protection
Posted 15-Oct-2019 11:31


Major Japanese retailer partners with smart New Zealand technology IMAGR
Posted 14-Oct-2019 10:29


Ola pioneers one-time passcode feature to fight rideshare fraud
Posted 14-Oct-2019 10:24


Spark Sport new home of NZC matches from 2020
Posted 10-Oct-2019 09:59


Meet Nola, Noel Leeming's new digital employee
Posted 4-Oct-2019 08:07


Registrations for Sprout Accelerator open for 2020 season
Posted 4-Oct-2019 08:02


Teletrac Navman welcomes AI tech leader Jens Meggers as new President
Posted 4-Oct-2019 07:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.