[OpenSIPS]: Firewall-Configuration

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[OpenSIPS]: Firewall-Configuration

Markus Klaus Schäffauer
Hello,

now I have OpenSIPS running and two VoIP-Phones registered via my
OpenSIPS (the registration of both is OK, as I can verify in the control
panel of OpenSIPS and in the phones itself).

In the OpenSIPS-Server, I opened the incoming port UDP 5060 in IPTABLES
for incoming calls (in the moment still restricted to the dyndns of my
home-IP = $IPTABLES -A INPUT -p udp -s xxx.xxx.xxx.xxx --dport 5060 -m
state --state NEW,ESTABLISHED,RELATED -j ACCEPT) and permited the
outgoing port UDP 5060 in IPTABLES for outgoing calls to any IP (=
IPTABLES -A OUTPUT -p udp --dport 5060 -m state --state NEW -j ACCEPT).

In my Home-Router, I opened the port UDP 5060 in IPTABLES for incoming
calls for the two VoIP-Phones (i.e. their respective IP). And the
outgoing requests are permited anyway.

But I can not make/receive any call - I try to call from one VoIP-Phone
to another (the traffic must leave my Home Network, enter the dedicated
OpenSIP-Server, leave it and enter my Home Network). The calling
VoIP-Phone is waiting some seconds and then indicating in it's display
the message "Network failure".

Is there something wrong in my concept?
Or can you give me any hints why the connections might fail?

Thank you very much!

Regards,
Markus




_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

[OpenSIPS]: Firewall-Configuration

Markus Klaus Schäffauer
Hello,

my last question (see copy at the bottom of this mail) got no answer - and as I allways got one, I suppose that something has gone wrong.

Or may be I put an question that is not within the scope of this list?

I would appreciate if somebody could indicate this to me.

My phones are ready, but I cannot use them - and I suppose it has to do with firewall problems.

Thank you!

Regards,
Markus


-------- Weitergeleitete Nachricht --------
Message-ID: [hidden email]
Date: Sun, 25 Jan 2015 22:00:57 +0100
From: Markus Klaus Schäffauer [hidden email]
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: [hidden email]
Subject: [OpenSIPS]: Firewall-Configuration
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


Hello,

now I have OpenSIPS running and two VoIP-Phones registered via my
OpenSIPS (the registration of both is OK, as I can verify in the control
panel of OpenSIPS and in the phones itself).

In the OpenSIPS-Server, I opened the incoming port UDP 5060 in IPTABLES
for incoming calls (in the moment still restricted to the dyndns of my
home-IP = $IPTABLES -A INPUT -p udp -s xxx.xxx.xxx.xxx --dport 5060 -m
state --state NEW,ESTABLISHED,RELATED -j ACCEPT) and permited the
outgoing port UDP 5060 in IPTABLES for outgoing calls to any IP (=
IPTABLES -A OUTPUT -p udp --dport 5060 -m state --state NEW -j ACCEPT).

In my Home-Router, I opened the port UDP 5060 in IPTABLES for incoming
calls for the two VoIP-Phones (i.e. their respective IP). And the
outgoing requests are permited anyway.

But I can not make/receive any call - I try to call from one VoIP-Phone
to another (the traffic must leave my Home Network, enter the dedicated
OpenSIP-Server, leave it and enter my Home Network). The calling
VoIP-Phone is waiting some seconds and then indicating in it's display
the message "Network failure".

Is there something wrong in my concept?
Or can you give me any hints why the connections might fail?

Thank you very much!

Regards,
Markus






_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [OpenSIPS]: Firewall-Configuration

Laszlo
In reply to this post by Markus Klaus Schäffauer


On Sun, Jan 25, 2015 at 10:00 PM, Markus Klaus Schäffauer <[hidden email]> wrote:
Hello,

now I have OpenSIPS running and two VoIP-Phones registered via my
OpenSIPS (the registration of both is OK, as I can verify in the control
panel of OpenSIPS and in the phones itself).

In the OpenSIPS-Server, I opened the incoming port UDP 5060 in IPTABLES
for incoming calls (in the moment still restricted to the dyndns of my
home-IP = $IPTABLES -A INPUT -p udp -s xxx.xxx.xxx.xxx --dport 5060 -m
state --state NEW,ESTABLISHED,RELATED -j ACCEPT) and permited the
outgoing port UDP 5060 in IPTABLES for outgoing calls to any IP (=
IPTABLES -A OUTPUT -p udp --dport 5060 -m state --state NEW -j ACCEPT).

In my Home-Router, I opened the port UDP 5060 in IPTABLES for incoming
calls for the two VoIP-Phones (i.e. their respective IP). And the
outgoing requests are permited anyway.

But I can not make/receive any call - I try to call from one VoIP-Phone
to another (the traffic must leave my Home Network, enter the dedicated
OpenSIP-Server, leave it and enter my Home Network). The calling
VoIP-Phone is waiting some seconds and then indicating in it's display
the message "Network failure".

Is there something wrong in my concept?
Or can you give me any hints why the connections might fail?


If I were you, I'd try without any iptables restrictions/rules first. Just to check if your call can hit the opensips box or not.
If not, it's the time to look at your home router's config.


 
Thank you very much!

Regards,
Markus




_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



--

--
Kind regards,
Laszlo Bekesi
http://voipfreak.net

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

[OpenSIPS]: Firewall-Configuration

Markus Klaus Schäffauer
Hi,

now I created a new rule in my home-router permitting all traffic from the OpenSIPS-Server to the home-LAN.

But I can neither see a call in "early stage" in the dialog-menu of the OpenSIPS control panel nor hear any ringing of the other phone.

What is not clear to me: The phones are able to register to the OpenSIPS via port 5060 udp - but do I need to open other ports/protocols, too?

With kind regards,
Markus



Am 27.01.2015 um 19:21 schrieb Laszlo:
On Sun, Jan 25, 2015 at 10:00 PM, Markus Klaus Schäffauer <
[hidden email]> wrote:

Hello,

now I have OpenSIPS running and two VoIP-Phones registered via my
OpenSIPS (the registration of both is OK, as I can verify in the control
panel of OpenSIPS and in the phones itself).

In the OpenSIPS-Server, I opened the incoming port UDP 5060 in IPTABLES
for incoming calls (in the moment still restricted to the dyndns of my
home-IP = $IPTABLES -A INPUT -p udp -s xxx.xxx.xxx.xxx --dport 5060 -m
state --state NEW,ESTABLISHED,RELATED -j ACCEPT) and permited the
outgoing port UDP 5060 in IPTABLES for outgoing calls to any IP (=
IPTABLES -A OUTPUT -p udp --dport 5060 -m state --state NEW -j ACCEPT).

In my Home-Router, I opened the port UDP 5060 in IPTABLES for incoming
calls for the two VoIP-Phones (i.e. their respective IP). And the
outgoing requests are permited anyway.

But I can not make/receive any call - I try to call from one VoIP-Phone
to another (the traffic must leave my Home Network, enter the dedicated
OpenSIP-Server, leave it and enter my Home Network). The calling
VoIP-Phone is waiting some seconds and then indicating in it's display
the message "Network failure".

Is there something wrong in my concept?
Or can you give me any hints why the connections might fail?


If I were you, I'd try without any iptables restrictions/rules first. Just
to check if your call can hit the opensips box or not.
If not, it's the time to look at your home router's config.




Thank you very much!

Regards,
Markus




_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users





_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [OpenSIPS]: Firewall-Configuration

Laszlo
Please trace a call attempt with ngrep to see the message flow:

ngrep -q '' -W byline port 5060 -d any -t

and attach the results to your reply



On Tue, Jan 27, 2015 at 10:48 PM, Markus Klaus Schäffauer <[hidden email]> wrote:
Hi,

now I created a new rule in my home-router permitting all traffic from the OpenSIPS-Server to the home-LAN.

But I can neither see a call in "early stage" in the dialog-menu of the OpenSIPS control panel nor hear any ringing of the other phone.

What is not clear to me: The phones are able to register to the OpenSIPS via port 5060 udp - but do I need to open other ports/protocols, too?

With kind regards,
Markus



Am 27.01.2015 um 19:21 schrieb Laszlo:
On Sun, Jan 25, 2015 at 10:00 PM, Markus Klaus Schäffauer <
[hidden email]> wrote:

Hello,

now I have OpenSIPS running and two VoIP-Phones registered via my
OpenSIPS (the registration of both is OK, as I can verify in the control
panel of OpenSIPS and in the phones itself).

In the OpenSIPS-Server, I opened the incoming port UDP 5060 in IPTABLES
for incoming calls (in the moment still restricted to the dyndns of my
home-IP = $IPTABLES -A INPUT -p udp -s xxx.xxx.xxx.xxx --dport 5060 -m
state --state NEW,ESTABLISHED,RELATED -j ACCEPT) and permited the
outgoing port UDP 5060 in IPTABLES for outgoing calls to any IP (=
IPTABLES -A OUTPUT -p udp --dport 5060 -m state --state NEW -j ACCEPT).

In my Home-Router, I opened the port UDP 5060 in IPTABLES for incoming
calls for the two VoIP-Phones (i.e. their respective IP). And the
outgoing requests are permited anyway.

But I can not make/receive any call - I try to call from one VoIP-Phone
to another (the traffic must leave my Home Network, enter the dedicated
OpenSIP-Server, leave it and enter my Home Network). The calling
VoIP-Phone is waiting some seconds and then indicating in it's display
the message "Network failure".

Is there something wrong in my concept?
Or can you give me any hints why the connections might fail?


If I were you, I'd try without any iptables restrictions/rules first. Just
to check if your call can hit the opensips box or not.
If not, it's the time to look at your home router's config.




Thank you very much!

Regards,
Markus




_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


      

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




--

--
Kind regards,
Laszlo Bekesi
http://voipfreak.net

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [OpenSIPS]: Firewall-Configuration

Terrance Devor
ALG is an evil three letter abbreviation​


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users