Geekzone: technology news, blogs, forums


Zeon

3926 posts

Uber Geek
+1 received by user: 759

Trusted

#65911 9-Aug-2010 09:36

Hey Guys, I attempted to move our phone server (VM) from our office to a colocated server at ICONZ over the weekend; however, I had some issues with making calls out/into the system. After changing the IP from our private office range to a public one, I could make calls into the system for about 3 minutes after each reboot before it failed. A "SIP show peers" showed that our 2 trunks were registered with WXC; however, when I tried to call, it just failed after leaving the system on for about 3 minutes.

I have allowed the following in our firewall considering it is now on public IP space:


  • Allow All 210.48.XX.XX/29 (our Auckland office range)

  • Allow All 58.24.XX.XX (our Wellington firewall IP)

  • Allow SIP (5060) 58.28.20.150


I'm guessing that maybe we need something else opened?




maverick
3594 posts

Uber Geek
+1 received by user: 80

Trusted
WorldxChange

  #365238 9-Aug-2010 09:40

I am guessing that your firewall is closing the SIP pin hole, hence the reason that you can make calls for the first 3 minutes, as the registration timers are set for 180 seconds. If you have a keep alive, try setting this to 60 seconds and see how you go. The other thing is that you may not be sending the registrations after startup ... something to check as well.




Yes I am an employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications



Zeon


  #365242 9-Aug-2010 09:43

Sorry guys - a question further to this, also about firewall setup. At the moment we have a static IP range/address for our offices; however, I'm looking at installing 3G dongles onto our firewalls for failover should our primary link go down. I don't think 3G dongles can have static IPs, so how should I configure the firewall to allow connection from them for phone registration?

Something like:

Allow SIP (5060) All?






maverick

  #365244 9-Aug-2010 09:44

Not a good idea, especially if you have an IP PABX. If you allow it open then you leave yourself open to SIP hackers; you need to lock it down to your SIP peers only, in this case 58.28.20.150.







Zeon


  #365247 9-Aug-2010 09:50

maverick: I am guessing that your firewall is closing the SIP pin hole, hence the reason that you can make calls for the first 3 minutes, as the registration timers are set for 180 seconds. If you have a keep alive, try setting this to 60 seconds and see how you go. The other thing is that you may not be sending the registrations after startup ... something to check as well.


Hi Maverick,
Thanks for the information. I presume the SIP pin hole is some kind of service that runs on a port other than 5060? What I think I'll try tonight is to just allow all ports access to 58.28.20.150. I also notice in the config I use (that was supplied by WxC) there is the following setting:

nat=yes

Should I set this to no?






Zeon


  #365250 9-Aug-2010 09:53

maverick: Not a good idea, especially if you have an IP PABX. If you allow it open then you leave yourself open to SIP hackers; you need to lock it down to your SIP peers only, in this case 58.28.20.150.


Hmmm OK. Do you think I should ask Vodafone/2degrees/Telecom XT (whichever supplier I decide to go with) what their possible IP ranges are and just allow those ranges?






maverick

  #365251 9-Aug-2010 09:55

What you want is your rules to allow access on 5060 to and from 58.28.20.150. We don't care about your IP as such, as we have the user auth credentials, which take care of that.




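Added example (not posted by anyone in this thread): a small Python model of the two points maverick raises, namely a firewall pinhole that closes between 180-second registrations unless a 60-second keep-alive refreshes it, and a source rule on 5060 limited to the peer 58.28.20.150 versus "Allow SIP (5060) All". The 90-second UDP idle timeout, the address 203.0.113.7 and all function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

SIP_PEER = "58.28.20.150"   # trunk peer named in the thread
UDP_TIMEOUT = 90            # assumed firewall UDP idle timeout (s); constructed value


def outbound_schedule(duration, register_every, keepalive_every=None):
    """Seconds at which the PBX sends REGISTER (and optional keep-alives) to the peer."""
    times = set(range(0, duration, register_every))
    if keepalive_every:
        times |= set(range(0, duration, keepalive_every))
    return sorted(times)


def pinhole_open(t, outbound_times, udp_timeout=UDP_TIMEOUT):
    """A UDP state entry stays alive only if the PBX sent something recently."""
    return any(0 <= t - sent < udp_timeout for sent in outbound_times)


def unreachable_seconds(duration, outbound_times, udp_timeout=UDP_TIMEOUT):
    """Seconds in which an inbound INVITE from the peer relies on a pinhole that has closed."""
    return sum(not pinhole_open(t, outbound_times, udp_timeout) for t in range(duration))


def inbound_allowed(src, static_allow, pinhole_is_open=False):
    """Inbound UDP/5060: admitted by a static source rule, or by a live pinhole to the peer."""
    addr = ip_address(src)
    if any(addr in ip_network(net) for net in static_allow):
        return True
    return src == SIP_PEER and pinhole_is_open


if __name__ == "__main__":
    ten_min = 600
    print("180 s registration only:",
          unreachable_seconds(ten_min, outbound_schedule(ten_min, 180)), "s unreachable")
    print("plus 60 s keep-alive:  ",
          unreachable_seconds(ten_min, outbound_schedule(ten_min, 180, 60)), "s unreachable")
    stranger = "203.0.113.7"  # documentation-range address standing in for an unknown host
    for label, rules in (("peer only", [SIP_PEER]), ("5060 from all", ["0.0.0.0/0"])):
        print(label, "-> peer:", inbound_allowed(SIP_PEER, rules),
              "stranger:", inbound_allowed(stranger, rules))
```

With the assumed timeout, the peer-only static rule keeps the trunk reachable regardless of the timers, while the open rule admits the unknown host as well.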
