

3404 posts

Uber Geek
+1 received by user: 399

Trusted

Topic # 65911 9-Aug-2010 09:36

Hey Guys, I attempted to move our phone server (VM) from our office to a colocated server at ICONZ over the weekend; however, I had some issues with making calls out/into the system. After changing the IP from our private office range to a public one, I could make calls into the system for about 3 minutes after each reboot before it failed. A "SIP show peers" showed that our 2 trunks were registered with WXC; however, when I tried to call, it just failed after leaving the system on for about 3 minutes.

I have allowed the following in our firewall considering it is now on public IP space:


  • Allow All 210.48.XX.XX/29 (our Auckland office range)

  • Allow All 58.24.XX.XX (our Wellington firewall IP)

  • Allow SIP (5060) 58.28.20.150


I'm guessing that maybe we need something else opened?





3594 posts

Uber Geek
+1 received by user: 79

Trusted
WorldxChange

  Reply # 365238 9-Aug-2010 09:40

I am guessing that your firewall is closing the SIP pin hole, hence the reason that you can make calls for the first 3 minutes, as the registration timers are set for 180 seconds. If you have a keep alive, try setting this to 60 seconds and see how you go. The other thing is that you may not be sending the registrations after startup ... something to check as well.




Yes I am an employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications
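The timing described in the reply above, as an added example that is not part of the thread: a small Python model of a stateful firewall's UDP pinhole, showing when a call arriving from the SIP peer would be dropped. The function names and the idle timeouts (90 s and 180 s) are assumptions; the thread does not say what timeout the firewall actually uses.

```python
# Added example: model of a stateful firewall's UDP pinhole for a SIP trunk.
# The idle timeouts used below are assumptions, not values from the thread.

def schedule(interval, horizon):
    """Times (s) at which the PBX sends a packet to the peer, starting at boot."""
    return list(range(0, horizon, interval))

def blocked_windows(outbound_times, idle_timeout, horizon):
    """Return [(start, end)] periods in which the pinhole is closed.

    Each outbound packet (REGISTER refresh or keep-alive) re-arms the
    firewall's idle timer; once idle_timeout seconds pass with no outbound
    traffic the state is dropped and the peer's inbound INVITE is discarded.
    """
    windows = []
    closes_at = 0  # no state exists before the first outbound packet
    for t in sorted(outbound_times):
        if t >= horizon:
            break
        if t > closes_at:
            windows.append((closes_at, t))
        closes_at = t + idle_timeout
    if closes_at < horizon:
        windows.append((closes_at, horizon))
    return windows

def inbound_allowed(at, windows):
    """True if a packet from the peer arriving at second `at` gets through."""
    return not any(start <= at < end for start, end in windows)

HORIZON = 600  # observe the first ten minutes after a reboot

# Constructed scenarios (firewall timeouts are assumed values):
REFRESH_180 = blocked_windows(schedule(180, HORIZON), 90, HORIZON)   # register only
KEEPALIVE_60 = blocked_windows(schedule(60, HORIZON), 90, HORIZON)   # 60 s keep-alive
STARTUP_ONLY = blocked_windows([0], 180, HORIZON)  # nothing sent after boot

if __name__ == "__main__":
    for label, windows in [("register every 180 s", REFRESH_180),
                           ("keep-alive every 60 s", KEEPALIVE_60),
                           ("startup traffic only", STARTUP_ONLY)]:
        print(f"{label:24} inbound blocked during: {windows or 'never'}")
```

The startup-only case is the one that matches "works for about 3 minutes after each reboot": the pinhole opens once at boot and nothing re-arms it.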



3404 posts

Uber Geek
+1 received by user: 399

Trusted

  Reply # 365242 9-Aug-2010 09:43

Sorry guys - a question further to this, also about firewall setup. At the moment we have a static IP range/address for our offices; however, I'm looking at installing 3G dongles onto our firewalls for failover should our primary link go down. I don't think 3G dongles can have static IPs, so how should I configure the firewall to allow connection from them for phone registration?

Something like:

Allow SIP (5060) All?





3594 posts

Uber Geek
+1 received by user: 79

Trusted
WorldxChange

  Reply # 365244 9-Aug-2010 09:44

Not a good idea, especially if you have an IP PABX. If you allow it open then you leave yourself open to SIP hackers; you need to lock it down to your SIP peers only, in this case 58.28.20.150




Yes I am an employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications



3404 posts

Uber Geek
+1 received by user: 399

Trusted

  Reply # 365247 9-Aug-2010 09:50

maverick: I am guessing that your firewall is closing the SIP pin hole, hence the reason that you can make calls for the first 3 minutes, as the registration timers are set for 180 seconds. If you have a keep alive, try setting this to 60 seconds and see how you go. The other thing is that you may not be sending the registrations after startup ... something to check as well.


Hi Maverick,
Thanks for the information. I presume the SIP pin hole is some kind of service that runs on a port other than 5060? What I think I'll try tonight is to just allow all ports access to 58.28.20.150. I also notice in the config I use (that was supplied by WxC) there is the following setting:

nat=yes

should I set this to no?







3404 posts

Uber Geek
+1 received by user: 399

Trusted

  Reply # 365250 9-Aug-2010 09:53

maverick: Not a good idea, especially if you have an IP PABX. If you allow it open then you leave yourself open to SIP hackers; you need to lock it down to your SIP peers only, in this case 58.28.20.150


Hmmm OK. Do you think I should ask Vodafone/2degrees/Telecom XT (whichever supplier I decide to go with) what their possible IP ranges are and just allow those ranges?





3594 posts

Uber Geek
+1 received by user: 79

Trusted
WorldxChange

  Reply # 365251 9-Aug-2010 09:55

What you want is your rules to allow access on 5060 to and from 58.28.20.150. We don't care about your IP as such, as we have the user auth credentials which take care of that.




Yes I am an employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications
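One way to check a ruleset against the advice in this thread (5060 locked to the SIP peer rather than "Allow SIP (5060) All"), as an added example that is not from any poster. The rule format and function names are assumptions, and because the office addresses are masked in the thread, documentation-range addresses stand in for them; only 58.28.20.150 is taken from the page.

```python
import ipaddress

SIP_PORT = 5060

def _net(source):
    """Turn a rule source ('any', an address, or a CIDR) into a network."""
    return ipaddress.ip_network("0.0.0.0/0" if source == "any" else source)

def permits(rules, src_ip, port):
    """Default-deny evaluation: True if any allow rule matches src_ip and port."""
    addr = ipaddress.ip_address(src_ip)
    return any(rule_port in (None, port) and addr in _net(source)
               for _name, rule_port, source in rules)

def sip_exposure(rules, trusted):
    """List rules that admit SIP (5060) from sources outside `trusted`."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for name, rule_port, source in rules:
        if rule_port not in (None, SIP_PORT):
            continue  # rule does not cover the SIP port
        net = _net(source)
        if not any(net.subnet_of(t) for t in trusted_nets):
            findings.append((name, str(net), net.num_addresses))
    return findings

# Rules as (name, port or None for all ports, source). Office addresses are
# constructed placeholders; the thread masks the real ones.
CURRENT = [
    ("office-auckland", None, "192.0.2.8/29"),
    ("fw-wellington", None, "198.51.100.7"),
    ("sip-peer", SIP_PORT, "58.28.20.150"),
]
PROPOSED = CURRENT + [("sip-any", SIP_PORT, "any")]  # "Allow SIP (5060) All"
TRUSTED = [source for _name, _port, source in CURRENT]
OUTSIDER = "203.0.113.50"  # constructed address belonging to no trusted range

if __name__ == "__main__":
    for label, rules in (("current", CURRENT), ("proposed", PROPOSED)):
        print(label, "exposure:", sip_exposure(rules, TRUSTED),
              "| outsider reaches 5060:", permits(rules, OUTSIDER, SIP_PORT))
```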
