Port Forwarding for SIP

All installation and configuration problems and questions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

Port Forwarding for SIP

Postby Keyfin » Tue Mar 08, 2016 9:49 am

Running a single server vicibox installation. I'm trying to forward the port 10000-25000 through a Netgear router to the server. The router will only allow me to forward ports 10000-11000, it says the other ports are used by a different configuration, but I have no other configuration, port forwarding/triggering or otherwise. Any advice?
ViciBox: 7.0.3 | VERSION: 2.14-585a BUILD: 170114-1356 | SVN Version: 2661 |Single Server | DGG installed
Keyfin
 
Posts: 60
Joined: Tue Feb 23, 2016 8:27 pm

Re: Port Forwarding for SIP

Postby williamconley » Tue Mar 08, 2016 11:05 pm

1) Welcome to the Party! 8-)

2) As you are obviously new here, I have some suggestions to help us all help you:

When you post, please post your entire configuration including (but not limited to) your installation method and vicidial version with build.

This IS a requirement for posting along with reading the stickies (at the top of each forum) and the manager's manual (available on EFLO.net, both free and paid versions)

You should also post: Asterisk version, telephony hardware (model number is helpful here), cluster information if you have one, and whether any other software is installed in the box. If your installation method is "from scratch" you must post your operating system and should also post the .iso version from which you installed your original operating system. If your installation is "Hosted" list the site name of the host.

If this is a "Cloud" or "Virtual" server, please note the technology involved along with the version of that techology (ie: VMware Server Version 2.0.2). If it is not, merely stating the Motherboard model # and CPU would be helpful.

Similar to This:

Vicibox X.X from .iso | Vicidial X.X.X-XXX Build XXXXXX-XXXX | Asterisk X.X.X | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel DG35EC | Core2Quad Q6600

3) Advice: Don't Forward those ports. Ordinarily they should be set up as trigger ports. Many routers don't need to have them configured at all unless there are two routers involved (yours and the carriers or yours and the clients). Port 5060 for inbound ordinarily suffices (and NO ports are actually needed for outbound or for registration-based carriers). That being said, have you tested calls for sound in both directions without forwarding?

4) If this is not a "connect your vici to a carrier" situation, but a "home working agents" situation, consider IAX2. Removes the need for trigger ports.

5) Also, the ports in use by sip traffic are configurable ... although I've never tried it personally. You may be able to change to 30000-50000. 8-)
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Port Forwarding for SIP

Postby Keyfin » Wed Mar 09, 2016 4:23 pm

Vicibox 7.0.1 from .iso | Vicidial 2.12-541a Build 160306-1053 | Asterisk 11.21.0 | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation

thanks for the reply
I'm using the standard install from the box and everything is working great from within the network. I have no hosted site and i'm trying to connect remotely using the external ip address of the server.

I can reach the agent/admin login screen from outside the network but only if I port forward port 80 to the internal server ip through the router.

I cannot, however get an external phone to register using either sip or iax

the asterisk readout does not display any attempt to register from external source
ViciBox: 7.0.3 | VERSION: 2.14-585a BUILD: 170114-1356 | SVN Version: 2661 |Single Server | DGG installed
Keyfin
 
Posts: 60
Joined: Tue Feb 23, 2016 8:27 pm

Re: Port Forwarding for SIP

Postby MJCoate » Wed Mar 09, 2016 9:03 pm

Are ports 5060/5061 being forwarded? These are what SIP uses. As for the Netgear issue, I'd recommend contacting them since it's their product giving you the error. What's the model router?
Mike Coate | VICIdial Technical Support Staff
MJCoate
 
Posts: 82
Joined: Wed Mar 25, 2015 1:57 pm

Re: Port Forwarding for SIP

Postby Keyfin » Wed Mar 09, 2016 9:33 pm

Thanks for the reply MJC!
I'm not at the office right now so can't verify but I'm pretty sure the router is an r6000 series. I'll update this when I get into the office tomorrow morning. It is running Netgear Genie for the interface.

And yes, I've tried forwarding ports 80, 5060-5061.
I've also tried 80, 5060-5061, 10000-20000 but when I try this configuration, the router says those port are being used in another configuration, check port forwarding/triggering, internet settings, etc.
I'm assuming the higher ports, referred to in other posts I've read as RTP, aren't required for the phone registration, just voice... so with 5060-5061 forwarded, the phone should register, but as I stated, the Asterisk CLI output, isn't even displaying an attempt to register a sip phone. Error on sip phone 408 server time out.
ViciBox: 7.0.3 | VERSION: 2.14-585a BUILD: 170114-1356 | SVN Version: 2661 |Single Server | DGG installed
Keyfin
 
Posts: 60
Joined: Tue Feb 23, 2016 8:27 pm

Re: Port Forwarding for SIP

Postby Keyfin » Wed Mar 09, 2016 11:57 pm

R6250 net gear
ViciBox: 7.0.3 | VERSION: 2.14-585a BUILD: 170114-1356 | SVN Version: 2661 |Single Server | DGG installed
Keyfin
 
Posts: 60
Joined: Tue Feb 23, 2016 8:27 pm

Re: Port Forwarding for SIP

Postby Keyfin » Fri Mar 11, 2016 3:37 pm

@ william
I have tried IAX as well, using Zoiper phone... but the same thing happens. There is no attempt to register the phone from the Asterisk CLI, even if I forward port 4569 (used by IAX) through the router to the server.
ViciBox: 7.0.3 | VERSION: 2.14-585a BUILD: 170114-1356 | SVN Version: 2661 |Single Server | DGG installed
Keyfin
 
Posts: 60
Joined: Tue Feb 23, 2016 8:27 pm

Re: Port Forwarding for SIP

Postby Keyfin » Sat Mar 12, 2016 2:09 pm

I finally got IAX to register, I had port 4569 forwarded through the router, but not the modem, so i had to login to the modem web interface, forward port 4569 to the router, then forward port 4569 from the router to the server, hope this helps other... still can't get sip to make a phone call, but sip will register, so i'm closer, i'm guessing the voice communication for sip issue has to do with a double nat problem with sip.
side note: I had to tell the modem to forward the port to the internet ip address of the router, not the router's network ip. In my configuration the modem network ip is 192.168.0.1, so the router ip as seen by the modem is 192.168.0.2, even though the network ip address for the router is 192.168.1.1. So I forwarded port 4569 to 192.168.0.2 in the modem's configuration, and routed 4569 to 192.168.1.200 (server ip) in the router's configuration.
ViciBox: 7.0.3 | VERSION: 2.14-585a BUILD: 170114-1356 | SVN Version: 2661 |Single Server | DGG installed
Keyfin
 
Posts: 60
Joined: Tue Feb 23, 2016 8:27 pm

Re: Port Forwarding for SIP

Postby williamconley » Thu Mar 17, 2016 12:41 pm

If you have both a router and a modem ... and you required "forwarding" through both ... then your "modem" is actually a router (having the word "modem" on the outer plastic case of a device that is acting as a router, does not stop it from being a "router", LOL).

Which means your Modem/router likely has a Public IP. And it provides a Private Network for the other router. Then that other router has an IP on that private network ... and creates yet another Private Network nested inside the first private network. This is commonly referred to as "double NATting". NAT=Network Address Translation and pretty much just means "there is a router here, handling this traffic".

So your SIP phone / computer / server (SIP device) has an IP address of ... let's say "192.168.1.15" and uses the router at "192.168.1.1" to gain access to the outer world. But in this case, the outer world is NOT the internet. It's another private network.

So the router at 192.168.1.1 on that private network (inside) has an outside IP of 10.0.0.15 which is a private IP on another network managed by the modem which is 10.0.0.1 on that private network. Then the modem has a public IP of 81.15.1.55 (ie: public IP!). "double private network" or "double NATting"

SIP can NOT double NAT unless you have very good routers and/or a very healthy understanding of the layers of network packeting and often this requires either a Degree or a lot of luck.

We recommend that every Vicidial server have its own Public IP. It tends to reduce these problems. And if you use iptables for whitelisted access (approved IPs ONLY), it's even very secure. And those routers (that no longer exist) will not be able to crash one day and down your Vicidial server. LOL
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)


Return to Support

Who is online

Users browsing this forum: No registered users and 39 guests