DNS and Firewall settings

Discussion in 'General' started by ElastixUser, Feb 17, 2010.

  1. ElastixUser

    Joined:
    Feb 17, 2010
    Messages:
    3
    Likes Received:
    0
    Dear masters,

    I installed Elastix-1.6.0-x86_64-bin-29oct2009.iso.

    i have some questions like the every other starters.

    My elastix server is on the 192.168.11.x/24 network. ( this is my DMZ network)
    My clients ( the ip-phones ) are on the 192.168.10.x/24 network. ( LAN network )

    My DNS servers (2x) are all on the DMZ networks with the 192.168.11.x ips . And these DNS servers are both for the private and public networks. ( so, we are using our own dns servers both for private and public operations )

    I have two separate A host records on the DNS servers which points to my public ip and the private ip.

    sip.mycompany.local. - A - 192.168.11.212
    sip.mycompany.com. - A - X.X.X.X

    My elastix server host name is sip.mycompany.local.

    The SRV records are ;

    PRIVATE
    _sip._tcp.mycompany.local. 5060 -> pointing to sip.mycompany.local.
    _sip._udp.mycompany.local. 5060 -> pointing to sip.mycompany.local.

    PUBLIC
    _sip._tcp.mycompany.com. 5060 -> pointing to sip.mycompany.com.
    _sip._udp.mycompany.com. 5060 -> pointing to sip.mycompany.com.

    As you see, the elastix server is behind the NAT. So there is a 1:1 nat on the firewall.

    These ports are open:

    TCP: x.x.x.x:[5060-5080] -> 192.168.11.212:[5060-5080]
    UDP: x.x.x.x: [5060-5080] -> 192.168.11.212:[5060-5080]
    UDP: x.x.x.x:[30000-31000] -> 192.168.11.212: [30000-31000]
    (*1) [5060-5080] is a range .

    The configuration files are like these:

    rtp.conf:
    rtpstart=30000
    rtpend=31000

    sip.conf:
    nat=yes
    externip=X.X.X.X
    localnet=192.168.10.0/255.255.255.0
    localnet=192.168.11.0/255.255.255.0

    Could you please check my configuration which i tried to explain above ?? Is everything ok ?

    Are my sip.conf and rtp.conf files ok ? What do you think about these ports ?

    And also i want to be sure if my DNS settings are ok.

    Could you suggest to me something more ?

    Kind regards
     
  2. ElastixUser

    Joined:
    Feb 17, 2010
    Messages:
    3
    Likes Received:
    0
    ?? please guys , i need some suggestions..
     
  3. ramoncio

    Joined:
    May 12, 2010
    Messages:
    1,663
    Likes Received:
    0
    I you have several networks asterisk usually has trouble. It isn't ready for multihoming.
    If you setup static routes to leave asterisk no choices it may work, but I'm not sure.
     
  4. Chilling_Silence

    Joined:
    Sep 23, 2008
    Messages:
    488
    Likes Received:
    0
    I'm with ramoncio, start with a single server then build up from there.

    You might also want to confirm the RTP ports your phones are using, by default could be 10000 -> 20000 for example
    Also, you won't need TCP ports open, SIP only uses UDP 5060 and RTP ports.

    So a few things come to mind:
    What phones are you using?
    What issues are you *actually* having?

    Cheers


    Chill.
     
  5. ElastixUser

    Joined:
    Feb 17, 2010
    Messages:
    3
    Likes Received:
    0
    thanks for your answer.

    i was using SipX before the elastix.. actually i try diffent systems .. after sipx, i didnt change the ports on firewall.. Should i change ??

    as well, how could i use my elastix server which must be behind the nat ? isnt it possible ?
     
  6. Chilling_Silence

    Joined:
    Sep 23, 2008
    Messages:
    488
    Likes Received:
    0
    Yes it is most definitely possible :)

    Forward all the UDP ports if you want / can and then work back from there
     

Share This Page