Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 28 December 2024, 12:09:18 am

Login with username, password and session length

Download the latest community FREE version  HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  How to get SIP to work on Community Editon 5.5.1
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: How to get SIP to work on Community Editon 5.5.1  (Read 11196 times)
bdmeyer
Full Member
***
Offline Offline

Posts: 12


« on: Wednesday 01 August 2012, 11:30:37 am »

I understand there is no more SIP proxy.

I added this to the outgoing rules:
    
Code:
6c:33:a9:11:f1:a1 	RED 	TCP+UDP/5060 TCP+UDP/5070 	ALLOW 	 SIP

I am pretty certain I only need UDP.

When i enable outbound rules, I get dial tone but no voice.
Eth1 is my DMZ. Nothing else is on it. i tried the same rules on the Green Interface. Same  and results.

With TCPDump I see this when I dial out:

Code:
tcpdump -i eth1 port 5060 or port 5070 -nnv

tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
21:15:03.755289 IP (tos 0x0, ttl  64, id 1131, offset 0, flags [none], proto: UDP (17), length: 30) 192.168.2.150.17107 > 216.234.78.8.5070: UDP, length 2
21:15:14.037785 IP (tos 0x0, ttl  64, id 1132, offset 0, flags [none], proto: UDP (17), length: 907) 192.168.2.150.17107 > 216.234.78.8.5070: UDP, length 879
21:15:14.077168 IP (tos 0x0, ttl  53, id 0, offset 0, flags [DF], proto: UDP (17), length: 354) 216.234.78.8.5070 > 192.168.2.150.17107: UDP, length 326
21:15:14.088451 IP (tos 0x0, ttl  53, id 0, offset 0, flags [DF], proto: UDP (17), length: 527) 216.234.78.8.5070 > 192.168.2.150.17107: UDP, length 499
21:15:14.198211 IP (tos 0x0, ttl  64, id 1133, offset 0, flags [none], proto: UDP (17), length: 397) 192.168.2.150.17107 > 216.234.78.8.5070: UDP, length 369
21:15:14.200904 IP (tos 0x0, ttl  64, id 1134, offset 0, flags [none], proto: UDP (17), length: 1092) 192.168.2.150.17107 > 216.234.78.8.5070: UDP, length 1064
21:15:14.238091 IP (tos 0x0, ttl  53, id 0, offset 0, flags [DF], proto: UDP (17), length: 354) 216.234.78.8.5070 > 192.168.2.150.17107: UDP, length 326

iptables -L (grep for MAC)

Code:
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:sip MAC 6c:33:a9:11:f1:a1 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:sip MAC 6c:33:a9:11:f1:a1
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:vtsas MAC 6c:33:a9:11:f1:a1
ACCEPT     udp  --  anywhere             anywhere            udp dpt:vtsas MAC 6c:33:a9:11:f1:a1

tailing the firewall log I see this though:
Code:
INPUTFW:ACCEPT:3:l3 IN=br1 OUT= MAC=00:1b:2f:35:82:72:6c:33:a9:11:f1:a1:08:00 SRC=192.168.2.150 DST=192.168.2.1 LEN=60 TOS=00 PREC=0x00 TTL=255 ID=1435 PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=0 MARK=3000
FORWARD:DROP IN=br1 OUT=eth2 MAC=00:1b:2f:35:82:72:6c:33:a9:11:f1:a1:08:00 SRC=192.168.2.150 DST=12.69.64.40 LEN=280 TOS=00 PREC=0x00 TTL=63 ID=1439 PROTO=UDP SPT=49162 DPT=18560 LEN=260 MARK=3000
FORWARD:DROP IN=br1 OUT=eth2 MAC=00:1b:2f:35:82:72:6c:33:a9:11:f1:a1:08:00 SRC=192.168.2.150 DST=12.69.64.40 LEN=280 TOS=00 PREC=0x00 TTL=63 ID=1440 PROTO=UDP SPT=49162 DPT=18560 LEN=260 MARK=3000
FORWARD:DROP IN=br1 OUT=eth2 MAC=00:1b:2f:35:82:72:6c:33:a9:11:f1:a1:08:00 SRC=192.168.2.150 DST=12.69.64.40 LEN=280 TOS=00 PREC=0x00 TTL=63 ID=1441 PROTO=UDP SPT=49162 DPT=18560 LEN=260 MARK=3000

Is my device using non standard ports, or is the ports shown above on these dropped packets normal for a SIP phone?

Thank you for any guidance.

-= Bruce
Logged
trymes
Full Member
***
Offline Offline

Posts: 36


« Reply #1 on: Friday 03 August 2012, 12:05:44 am »

SIP communicates using more than one port. One is for signalling, usually 5060, and the other is for the RTP traffic, which is the voice/video/etc.

Generally, you need to allow for both port 5060 and a range of ports for RTP. When using asterisk, for example, I generally forward 5060 and 10,000-20,000, but those numbers vary depending on the settings and type of your SIP server.

Tom
Logged
bdmeyer
Full Member
***
Offline Offline

Posts: 12


« Reply #2 on: Friday 03 August 2012, 12:32:03 am »

Thanks for the reply Tom,
   I'll figure what the port range is, and give it a try. I ended up in the mean time just setting a rule for the MAC address of the device and then UDP port ANY which works, but is sloppy.

-= Bruce
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.094 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com