Hosted PBX (data center): bind Asterisk (to) 2 ports (or) forward with iptables (tips)

Hi:

Can you offer any suggestions / tips / reminders on how I can do one of these following ideas:

Say a hosted PBX (SangomaOS) is working great with SIP 5060/UDP (chan_SIP). All phones register (and have 2-way audio).

But:

Ref: Some clients face SIP ALG on their side (and/or) they cannot use port 5060/UDP on their side … (SIP mangling).

Is there a way (using either iptables or SangomaOS UI) … to do this:
I have not done this in a rather long time, and I forgot how to do it.

Have a 2nd port for chan_SIP 5060/UDP (bind to 2 ports)
so that we have either / both ports 5060/UDP and/or 8060/UDP working for chan_SIP.

OR:

Maybe: have an iptables entry: IF traffic for port 8060/UDP arrives, “forward” this (internally) to port 5060/UDP

If we could do the above: we would have no need to bind to a 2nd port, or change anything on the hosted PBX for port 5060/UDP because iptables is doing simple port forwarding.

Thanks for your thoughts and tips.

Oh: If we used port 8060/UDP with iptables forwarding …

I do realize: we would probably need to set the rport (SIP local port) to 8060/UDP (inside the UI of the SIP endpoint) (Yealink phone).

I’ll try with and without changing this in the Yealink phone to be sure the phone can register, etc.

I don’t think such a thing would work with chan_sip, but it’s past time to have migrated to pjsip anyway. If using pjsip, there is this post which may get you what you need.

Generally when confronted with disagreeable routers, your time is better spent changing to TLS signaling.

I’m having difficulty understanding the scenario, but you should:

  • be using chan_pjsip;
  • not be using port 5060 (as it is well known to toll fraudsters).

I don’t understand why the port, for Asterisk, as seen by the remote user agents should be translated. I can envisage that the ports seen by Asterisk might be translated, but there is no requirement that the same remote port be used for each peer. It is only the local port that is constrained to be the same for everyone, and then only on chan_sip.

If your PBX is being NATed, then you can probably do it on the NAT Router/Firewall level.

You may also want to look into switching to TCP. You can use the same port for both protocols. (At least when using PJSIP)
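
The iptables idea from the original question (traffic arriving on 8060/UDP handed to the listener on 5060/UDP), as an added example that is not from any post in this thread. It only prints an `iptables-restore` fragment; the function names and the optional source-network argument are assumptions, and 203.0.113.0/24 is a constructed documentation range.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that redirects an
# alternate SIP port to the port Asterisk already listens on.
# Nothing is applied here; the function only prints rules.

# valid_port N -> success if N is a decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# sip_redirect_rules ALT_PORT SIP_PORT [SOURCE_CIDR]
# ALT_PORT    port the phones will use (8060 in the question)
# SIP_PORT    port the SIP channel driver is bound to (5060 in the question)
# SOURCE_CIDR optional: only redirect traffic from this client network
sip_redirect_rules() {
    alt=$1 sip=$2 src=${3:-}
    valid_port "$alt" && valid_port "$sip" || { echo "bad port" >&2; return 2; }
    [ "$alt" != "$sip" ] || { echo "ports must differ" >&2; return 2; }
    case "$src" in
        '')         match="" ;;
        *[!0-9./]*) echo "bad source CIDR" >&2; return 2 ;;
        *)          match="-s $src " ;;
    esac
    # REDIRECT rewrites the destination port before the filter table runs,
    # so the INPUT chain sees these packets as dport SIP_PORT. Any limit on
    # who may use ALT_PORT therefore has to be matched here, in PREROUTING.
    printf '%s\n' "*nat"
    printf '%s\n' "-A PREROUTING ${match}-p udp -m udp --dport ${alt} -j REDIRECT --to-ports ${sip}"
    printf '%s\n' "COMMIT"
}

# Ports from the question, restricted to a constructed client network.
# To apply for real (as root): sip_redirect_rules ... | iptables-restore --noflush
sip_redirect_rules 8060 5060 203.0.113.0/24
```

Connection tracking rewrites Asterisk's replies so the phone sees them coming from 8060, but only while the flow's conntrack entry is alive. A request Asterisk originates after that entry has expired leaves from 5060 untranslated, so the phone should keep the flow refreshed with regular registration or keepalive traffic.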