DNS and Firewall settings

ElastixUser

Joined
Feb 17, 2010
Messages
3
Likes
0
Points
0
#1
Dear masters,

I installed Elastix-1.6.0-x86_64-bin-29oct2009.iso.

i have some questions like the every other starters.

My elastix server is on the 192.168.11.x/24 network. ( this is my DMZ network)
My clients ( the ip-phones ) are on the 192.168.10.x/24 network. ( LAN network )

My DNS servers (2x) are all on the DMZ networks with the 192.168.11.x ips . And these DNS servers are both for the private and public networks. ( so, we are using our own dns servers both for private and public operations )

I have two separate A host records on the DNS servers which points to my public ip and the private ip.

sip.mycompany.local. - A - 192.168.11.212
sip.mycompany.com. - A - X.X.X.X

My elastix server host name is sip.mycompany.local.

The SRV records are ;

PRIVATE
_sip._tcp.mycompany.local. 5060 -> pointing to sip.mycompany.local.
_sip._udp.mycompany.local. 5060 -> pointing to sip.mycompany.local.

PUBLIC
_sip._tcp.mycompany.com. 5060 -> pointing to sip.mycompany.com.
_sip._udp.mycompany.com. 5060 -> pointing to sip.mycompany.com.

As you see, the elastix server is behind the NAT. So there is a 1:1 nat on the firewall.

These ports are open:

TCP: x.x.x.x:[5060-5080] -> 192.168.11.212:[5060-5080]
UDP: x.x.x.x: [5060-5080] -> 192.168.11.212:[5060-5080]
UDP: x.x.x.x:[30000-31000] -> 192.168.11.212: [30000-31000]
(*1) [5060-5080] is a range .

The configuration files are like these:

rtp.conf:
rtpstart=30000
rtpend=31000

sip.conf:
nat=yes
externip=X.X.X.X
localnet=192.168.10.0/255.255.255.0
localnet=192.168.11.0/255.255.255.0

Could you please check my configuration which i tried to explain above ?? Is everything ok ?

Are my sip.conf and rtp.conf files ok ? What do you think about these ports ?

And also i want to be sure if my DNS settings are ok.

Could you suggest to me something more ?

Kind regards
 

ElastixUser

Joined
Feb 17, 2010
Messages
3
Likes
0
Points
0
#2
?? please guys , i need some suggestions..
 

ramoncio

Joined
May 12, 2010
Messages
1,663
Likes
0
Points
0
#3
I you have several networks asterisk usually has trouble. It isn't ready for multihoming.
If you setup static routes to leave asterisk no choices it may work, but I'm not sure.
 

Chilling_Silence

Joined
Sep 23, 2008
Messages
488
Likes
0
Points
0
#4
I'm with ramoncio, start with a single server then build up from there.

You might also want to confirm the RTP ports your phones are using, by default could be 10000 -> 20000 for example
Also, you won't need TCP ports open, SIP only uses UDP 5060 and RTP ports.

So a few things come to mind:
What phones are you using?
What issues are you *actually* having?

Cheers


Chill.
 

ElastixUser

Joined
Feb 17, 2010
Messages
3
Likes
0
Points
0
#5
thanks for your answer.

i was using SipX before the elastix.. actually i try diffent systems .. after sipx, i didnt change the ports on firewall.. Should i change ??

as well, how could i use my elastix server which must be behind the nat ? isnt it possible ?
 

Chilling_Silence

Joined
Sep 23, 2008
Messages
488
Likes
0
Points
0
#6
Yes it is most definitely possible :)

Forward all the UDP ports if you want / can and then work back from there
 

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,902
Messages
130,886
Members
17,564
Latest member
Mai Tuyen
Top