Date:      Sun, 23 Jan 2011 17:19:37 +1000
From:      Da Rock <freebsd-questions@herveybayaustralia.com.au>
To:        freebsd-questions@freebsd.org
Subject:   My Asterisk server is trying to drive me insane
Message-ID:  <4D3BD689.80805@herveybayaustralia.com.au>

I have a FreeBSD 8.1 pf firewall, and a FreeBSD 8.1 system running 
Asterisk 1.8. I have been hammering at this for a few weeks now with 
little forward progress. I'm about to go nuts trying to figure out what 
the hell is going on.

I have set up asterisk to trunk to my provider, and originally I 
couldn't get incoming calls working but I could ring out- I'm happy to 
report I can now receive incoming calls, but annoyingly now I can't ring 
out!

In order to get incoming calls I had to upgrade from asterisk 1.4 - 1.8 
and change my firewall settings:

$voip = asterisk server
$nodephone = provider server
$voip_tcp = 5060
$voip_udp = { 5060, 4569, 5036, 2727 }

nat on $ext_if inet proto { tcp, udp } from any port $voip_tcp to any -> ($ext_if) port $voip_tcp

rdr on $ext_if inet proto { tcp, udp } from any to ($ext_if) port $voip_tcp -> $voip port $voip_tcp
rdr on $ext_if inet proto { tcp, udp } from $voip port $voip_tcp to any port $voip_tcp -> ($ext_if) port $voip_tcp

block log (all, log)
block in quick on $ext_if from $no_route_ips to any
block out quick on $ext_if from any to $no_route_ips

pass in $log on $ext_if inet proto tcp from any to $voip port $voip_tcp flags S/SA keep state
pass in $log on $ext_if inet proto udp from any to $voip port $voip_udp keep state
pass out $log on $int_if inet proto udp from any port $voip_udp to $voip port $voip_udp keep state
pass out $log on $int_if inet proto tcp from any port $voip_tcp to $voip port $voip_tcp flags S/SA keep state

pass out $log on $ext_if from $localnet to any

Everything appears to work, but the provider comes back with 200 and 
asterisk seems to do nothing and so it times out and errors with what it 
says is "circuit busy" from the provider.

tcpdump from both m/c's shows traffic to and from the asterisk server 
and the provider on port 5060, but rtp traffic (port 20000+) between the 
provider and asterisk only when an incoming call comes in, and between 
asterisk and the client.

Also in the invites from asterisk to the provider it says audio at port 
5060.

Am I missing something? I've tried the Asterisk list but I've gotten 
only one minuscule reply in nearly a week's time, and my provider will 
not support Asterisk and won't say boo (mainly dependent on who you talk 
to at the time)- the only thing I get is it's working their end (yay for 
them... :P).

Incidentally, their only response (to any problems with the service: 
asterisk, ata's, whatever) is to "open up all ports between our server 
and your server/ata". Apparently they "automagically" get around nat 
issues so nat is not necessary. But my main issue with that is what 
happens if someone spoofs their ip address? Not to mention I want to 
host this service (not their trunk, but my services) so I need to be 
able to accept from more than just their server. They don't seem to be 
able to track the ports they're using.

The only change I can tell is the upgrade to 1.8 and firewall settings 
that now allow me to receive calls- am I doomed to have only one or the 
other :( ?

Any clues before I lose all my hair guys?
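
The symptom described above (an INVITE advertising audio on port 5060 while RTP is expected at 20000+) can be checked mechanically from a captured INVITE. The following is an added example, not part of the original message: the sample INVITE, its addresses and the function name check_sdp are constructed for illustration, and the RFC 1918 check is an extra assumption about a server sitting behind NAT.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample INVITE (not captured traffic); names and addresses are placeholders.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:0123456789@provider.example SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bKconstructed",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=root 1 1 IN IP4 192.168.1.10",
    "s=call",
    "c=IN IP4 192.168.1.10",
    "t=0 0",
    "m=audio 5060 RTP/AVP 0 8",
    "",
])

def check_sdp(message, sip_port=5060, rtp_min=20000):
    """Return (code, detail) findings for the SDP body of one SIP message."""
    _, sep, body = message.partition("\r\n\r\n")
    if not sep or not body.strip():
        return [("no-sdp", "message carries no SDP body")]
    findings = []
    for line in body.splitlines():
        conn = re.match(r"c=IN IP4 ([^\s/]+)", line)
        audio = re.match(r"m=audio (\d+)", line)
        if conn:
            try:
                addr = ipaddress.ip_address(conn.group(1))
            except ValueError:
                continue  # hostname in c=, nothing to classify
            if any(addr in net for net in RFC1918):
                # The far end cannot send RTP to an RFC 1918 address across NAT.
                findings.append(("private-media-addr", str(addr)))
        elif audio:
            port = int(audio.group(1))
            if port == sip_port:
                findings.append(("audio-on-sip-port", str(port)))
            elif port < rtp_min:
                findings.append(("audio-below-rtp-range", str(port)))
    return findings

if __name__ == "__main__":
    for code, detail in check_sdp(SAMPLE_INVITE):
        print(code, detail)
```

Feeding it the SIP payload of each outbound INVITE seen at the firewall's external interface shows whether the advertised media address and port were altered before leaving the network.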


