Freepbx behind NAT issue

arun · February 7, 2012, 1:16am

Hi Here is my setting.

PBX Firmware:
1.0.0.0

PBX Service Pack:
1.88.210.57-1

ISP : Time warner cable

Freepbx has a local IP address is 192.168.0.8
I have forwarded UDP 5060 and 5061 to the 192.168.0.8
I have forwarded UDP 10000 to 20000 to the 192.168.0.8

All I have done so far is created a couple of extensions. I cant seem to get my linksys Pap2 ATA register successfully to it. I have enabled NAT in all the extensions.

I have DynDns setup so that I have a public DNS available and Im able to ping to that.

In the proxy field I put my public DNS.

I have a syslog server running in the same network as the freepbx. and I have forwarded port 514 on my router for syslog to that PC.

I can see that request from the remote extension coming to the pap2 and the response from the pap2 via the syslog console.

Here is what I get from the syslog server console
19:09:55 117.193.67.226 Feb 7 06:40:13 0016B65E35A8 SIP/2.0 501 Not Implemented
Via: SIP/2.0/UDP 192.168.2.2:5062;branch=z9hG4bK-4de07e9e;received=117.193.67.226
From: MyPBX sip:[email protected];tag=e521e88c8c6391ddo0
To: MyPBX sip:[email protected]
Call-ID: [email protected]
CSeq: 160 REGISTER
Server: YATE/3.3.2
Allow: ACK, INVITE, BYE, CANCEL, OPTIONS, INFO
Content-Length: 0

19:09:55 117.193.67.226 Feb 7 06:40:13 0016B65E35A8 SIP/2.0 501 Not Implemented
Via: SIP/2.0/UDP 192.168.2.2:5062;branch=z9hG4bK-9140794;received=117.193.67.226
From: MyPBX sip:[email protected];tag=e521e88c8c6391ddo0
To: MyPBX sip:[email protected]
Call-ID: [email protected]
CSeq: 34206 REGISTER
Server: YATE/3.3.2
Allow: ACK, INVITE, BYE, CANCEL, OPTIONS, INFO
Content-Length: 0

19:09:55 117.193.67.226 Feb 7 06:40:13 0016B65E35A8 REGISTER sip:mypbx.getmyip.com SIP/2.0
Via: SIP/2.0/UDP 192.168.2.2:5062;branch=z9hG4bK-4de07e9e
From: MyPBX sip:[email protected];tag=e521e88c8c6391ddo0
To: MyPBX sip:[email protected]
Call-ID: [email protected]
CSeq: 160 REGISTER
Max-Forwards: 70
Event: keep-alive
User-Agent: Linksys/PAP2-3.1.12(LS)
Content-Length: 0

19:09:55 117.193.67.226 Feb 7 06:40:12 0016B65E35A8 REGISTER sip:mypbx.getmyip.com SIP/2.0
Via: SIP/2.0/UDP 192.168.2.2:5062;branch=z9hG4bK-9140794
From: MyPBX sip:[email protected];tag=e521e88c8c6391ddo0
To: MyPBX sip:[email protected]
Call-ID: [email protected]
CSeq: 34206 REGISTER
Max-Forwards: 70
Contact: MyPBX sip:[email protected]:5062;expires=3600
User-Agent: Linksys/PAP2-3.1.12(LS)
Content-Length: 0
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
Supported: x-sipura

I have enabled SIP debug on from the CLI.
I dont see any activity on the asterisk CLI.

In addition to the port forwarding in my router, do I need to do anything in the freepbx server?

I see that fail2ban is running, is that something I mess with.

I have been using asterisk for couple of years now and I always put my server and DMZ and have not dealt with these issues. My Timewarner cable has a DMZ option but does not allocate a PUBLIC ip to my freepbx server. So Im trying to get it working with just the port forwarding.

This is driving me crazy…

Any help is really appreciated…

SkykingOH · February 7, 2012, 1:21am

PBX Firmware? I don’t even know what that is? How was this system installed?

What version FreePBX? Have you configured the SIP NAT settings with your outside IP?

WizardOfDos · February 7, 2012, 1:23am

Skyking he’s referring to what shows up under system admin in the distro.

He’s running 2.10 of the distro
Asterisk 1.8.8

WizardOfDos · February 7, 2012, 1:27am

Now apologies if I’m blind… i see a lot of config info… but what is the problem?

Remote phones? Registering to your sip provider? what are you trying to do that you can’t do?

what’s the 192.168.2.2 and the 117.193.67.226 addresses?

arun · February 7, 2012, 1:59am

117.193.67.226 is a remote extension 203 trying to register.
192.168.0.2 is a local extension that is trying to register.

Both does not succeed.

Here is link to a small set of the syslog output

http://dl.dropbox.com/u/30405631/SysLog.txt

Thanks for looking into this.

I do see that the 203 extension is trying to register to 5062 which I dont have forwarded. Im going to change that SIP port to 5060 in the Pap2 ATA config.

My other extension 200 is coming from a local network IP 192.168.0.2 and that is not able to register.

That is what worries me.

tonyclewis · February 7, 2012, 2:10am

What does SIP show peers show?

WizardOfDos · February 7, 2012, 2:13am

19:09:55 117.193.67.226 Feb 7 06:40:13 0016B65E35A8 SIP/2.0 501 Not Implemented
Via: SIP/2.0/UDP 192.168.2.2:5062;branch=z9hG4bK-4de07e9e;received=117.193.67.226

is 192.168.2.2 the local device ip on the far end? Is nat enabled on it? shouldn’t it be registering with it’s public ip?

arun · February 7, 2012, 2:32am

Name/username Host Dyn Forcerport ACL Port Status
200 (Unspecified) D N A 0 UNKNOWN
201 (Unspecified) D N A 0 UNKNOWN
203 (Unspecified) D N A 0 UNKNOWN
206 (Unspecified) D N A 0 UNKNOWN
4 sip peers [Monitored: 0 online, 4 offline Unmonitored: 0 online, 0 offline]

This is what I get.

I did enable nat=yes in the freepbx GUI. and on the remote ATA settings I NAT enabled and NAT keep alive msg set to $REGISTER and destination to $PROXY

SkykingOH · February 7, 2012, 5:14am

I ask again did you setup external and local net in sip settings?

Have you reviewed the copious documentation on the web concerning NAT and SIP? We also don’t suggest exposing the system to the Internet,you should use a VPN.

AdHominem · February 7, 2012, 6:31am

You very likely have not configured your Asterisk SIP Settings correctly.

Before you go any further, I suggest you read the following:

http://www.freepbx.org/support/documentation/installation/first-steps-after-installation

and

http://www.freepbx.org/support/documentation/howtos/howto-setup-a-remote-sip-extension

I strongly recommend that you not use remote extensions at all. If you absolutely must have a remote user, it is far better to:

Set up the external phone with its own FreePBX system and use IAX Trunks to connect your two systems together. This can be done without forwarding ANY ports at all.

or

Have the external phone register to SIP Service like voip.ms or callcentric, and use their internal call routing options to route the calls into your system.

arun · February 7, 2012, 12:49pm

I have configured the NAT settings from the freepbx GUI.

Here is what I see in the sip_general_additional.conf
nat=yes
externip=192.168.0.8
localnet=192.168.0.0/255.255.255.0

My freepbx is sitting behind NAT.

SkykingOH · February 7, 2012, 12:57pm

You have your private IP in externip instead of your public.

arun · February 7, 2012, 1:16pm

I have changed it to

nat=yes
externip=76.187.79.7
localnet=192.168.0.0/255.255.255.0

Still the same result.

Do we need to open any ports from within the CENTOS in addition to the port forwarding setup in the router

arun · February 7, 2012, 1:20pm

I just create a test extension with the following information.

extension 222
display name test
secret test123

everything is left to the default of freepbx.

my public IP is 76.187.79.7

If you need to test it.

jrb74 · July 27, 2013, 7:34pm

i am using astrerisknow trying to configure free pbx but when i type in the above ip iy wont allow me to go to freepbx it did one time but now all i get is a klot of ip address, pls help

dicko · July 27, 2013, 9:34pm

post the output of

cat /var/www/html/index*