Distro behind Firewall - Extensions not registering

attique · June 29, 2011, 11:12am

I’m having trouble registering all our extensions after placing the freepbx box behind a firewall.

The setup is as follows:
My router has a public WAN IP as 76.123.47.25 and LAN IP is 10.1.1.1

The PBX box is connected to the router and has an IP of 10.1.1.10.

On the router I have forwarded UDP and TCP port 5060 to 10.1.1.10. I have also forwarded the PORT range 10000 to 20000 for RTP to 10.1.1.10
In the PBX I had changes the following setting:

Tools – Asterisk SIP settings:
NAT settings:
NAT: YES
IP configuration: Static IP

External IP: 76.123.47.25
Local Network
Local Networks: 10.1.1.10 /255.255.255.0
Codecs Selected are: ulaw, Alaw and Gsm
In Extensions tab, under “Device option”. NAT is set as ”yes”

I ‘ve programmed the phones to connect to 76.123.47.25, using port 5060, but they are not connecting. The status error is 408.
Please advise if I have missed any step or what else I can we try?
Any suggestion would be appreciated,

Thanks
Attique

mrgoblin · June 29, 2011, 11:27am

Surely if your localnet is set to 10.1.1.10 /255.255.255.0 then your phones will connect to your server on 10.1.1.10.

And since they are on the same subnet they wont be being NATed.

attique · June 29, 2011, 7:56pm

The Phones are not on the local network. They connect over the internet.

The router is at a colocation with WAN IP 76.123.47.25, LAN IP 10.1.1.1.
PBX on Colocation has LAN IP 10.1.1.10.

Phones are on remote sites configured to connect to 76.123.47.25 (router), that is port forwarded to PBX box at 10.1.1.10.

Please comment.

Thanks

SkykingOH · June 29, 2011, 7:32pm

Have you thought about a VPN to the site. This would allow you to use the endpoint manager and other features that require insecure traffic. The VPN solves many problems.

You could use OpenVPN on your server at the data center and a pfSense box at the office.

attique · June 29, 2011, 8:09pm

We do have VPN tunnel setup but its not a solution for us as approx. 100 phone lines of various clients are connecting to our pbx from numerous locations.

Currently they are conneting to another server on a direct WAN IP, theat is not secure. We are setting up another server behind firewall to make it secure and them move our clients to it.

We need the port forwaring to work and I belive it is possible as I have seen articles explaining how to do it. However I have taken those steps but its not working.

Please advise.

Thanks

SkykingOH · June 30, 2011, 12:43am

Honestly if you are putting “clients” on the system you are making money and can afford to use support to find out what you have set wrong.

You can send the contents of sip_general_additional.conf and the output of “sip show settings” and we may be able to figure it out in the forum.

tonyclewis · June 30, 2011, 12:47am

Guys

You all missed the obvious here.

Local Networks: 10.1.1.10 /255.255.255.0

Should be

Local Networks: 10.1.1.0 /255.255.255.0

SkykingOH · June 30, 2011, 1:02am

Good catch, although it could just be a typo since he had to transcribe by hand.

One would think that a service provider would know the difference between and IP address and a network number.

attique · June 30, 2011, 1:18am

The network is set to: Local Networks: 10.1.1.0 /255.255.255.0 NOT 10.1.1.10.

I just made an error in typing it above in the forum.
Still no luck.
Awaiting for more hints.

Thanks

SkykingOH · June 30, 2011, 1:26am

You can send the contents of sip_general_additional.conf and the output of “sip show settings” and we may be able to figure it out in the forum.

Did you not see this suggestion?

attique · June 30, 2011, 2:35am

Where do I sent the file? (sip_general_additional.conf)

Is it to be sent to "[email protected]"?

SkykingOH · June 30, 2011, 3:18am

Post the contents in the forum along with the output of ‘sip show settings’

asterisk21st · July 1, 2011, 2:47am

We’re waiting on the results.

attique · July 1, 2011, 11:14pm

I re-installed PBX and did all setting again and this time it worked. The extensions got registered behind the firewall using port forwarding.

However the 2 test extension I created are registering and I can make calls to each other but no voice is transferring among them. Neither party can hear each other.

I will search the article on the forum. Any Advise?

Thank a lot for your valued support.

attique · July 2, 2011, 12:43am

Which IP should be dynamic instead of being static?

Just to revamp, my current situation is as follow:
PBX on a remote site behind Firewall, port 5060 UDP and TCP forwarded to PBX. Aslo ports 10000-20000 is forwarded to the PBX.

Phones on another remote site connect to PBX over internet. They registers to the server. When we call from one extension to another extension, the bell rings and connection is established, however no audio is coming on both ends.

cosmicwombat · July 1, 2011, 11:54pm

Should be dynamic IP in this scenario.

SkykingOH · July 2, 2011, 4:06am

You must have NAT set wrong. Still need the info I requested to help you.

attique · July 2, 2011, 10:52pm

Thank you for your tips and suggestions. The NAT problem was resolved 2 days ago. The audio problem is solved by installing on a different hardware.

I will create a new ticket/case for the audio problem on a particular set of hardware.

Thank you all once again for your support.