Problemas de NAT

Discussion in 'Elastix 2.x' started by GuayO!, Mar 21, 2011.

  1. GuayO!

    Joined:
    Feb 18, 2011
    Messages:
    10
    Likes Received:
    0
    Estimados.

    Les cuento un poco mi problema.

    Tengo instalado una central Elastix, funcionando sin problemas entre anexos, pero al tratar de comunicarme a un anexo al exterior, no tengo audio.
    He vistos muchos post que indican que configurar el NAT, esto deberia solucionarlo, pero no lo he podido resolver.

    Acontinuación adjunto mi configuracion de nat, sip, rtp etc.


    ;
    ; RTP Configuration
    ;
    [general]
    ;
    ; RTP start and RTP end configure start and end addresses
    ; These are the addresses where your system will RECEIVE audio and video streams.
    ; If you have connections across a firewall, make sure that these are open.
    ;
    rtpstart=10000
    rtpend=20000

    ----------------------------
    SIP_NAT.CONF

    nat=yes
    externip=190.151.93.234
    localnet=192.168.100.0/255.255.255.240
    localnet=192.168.16.0/255.255.255.0
    localnet=10.254.210.0/255.255.255.240
    qualify=yes
    externrefresh=120


    redireccioné lo que venía del puerto 5060 a mi IP publica.

    ------------------------------------------------------------
    CONFIGURACIÓN DE MI TRUNK

    PEER Details

    host=10.254.210.82
    type=peer
    context=from-trunk
    port=5060
    allow=all
    disallow=all
    qualify=yes
    nat=yes

    User Details
    context=from-trunk
    host=10.254.210.82
    type=friend
    allow=all
    disallow=all
    nat=yes

    ---------------------------
    Sip show peer
    190*CLI> sip show peers
    Name/username Host Dyn Nat ACL Port Status
    101/101 200.54.156.100 D N A 1056 OK (76 ms)
    2000 (Unspecified) D A 5060 UNKNOWN
    2001/2001 186.40.103.240 D N A 6954 OK (1545 ms)
    2002 (Unspecified) D N A 5060 UNKNOWN
    2004 (Unspecified) D N A 5060 UNKNOWN
    892000 10.254.210.82 N 5060 UNREACHABLE
    sip_entel 10.254.210.82 N 5060 UNREACHABLE

    ----------------------------
    190*CLI> sip set debug 2001
    No such command 'sip set debug 2001' (type 'core show help sip set debug' for ot her possible commands)
    == Using SIP RTP TOS bits 184
    == Using SIP RTP CoS mark 5
    -- Executing [650720@from-internal:1] Macro("SIP/2001-00000000", "user-calle rid,SKIPTTL,") in new stack
    -- Executing [s@macro-user-callerid:1] Set("SIP/2001-00000000", "AMPUSER=200 1") in new stack
    -- Executing [s@macro-user-callerid:2] GotoIf("SIP/2001-00000000", "0?report ") in new stack
    -- Executing [s@macro-user-callerid:3] ExecIf("SIP/2001-00000000", "1?Set(RE ALCALLERIDNUM=2001)") in new stack
    -- Executing [s@macro-user-callerid:4] Set("SIP/2001-00000000", "AMPUSER=200 1") in new stack
    -- Executing [s@macro-user-callerid:5] Set("SIP/2001-00000000", "AMPUSERCIDN AME=Claudio") in new stack
    -- Executing [s@macro-user-callerid:6] GotoIf("SIP/2001-00000000", "0?report ") in new stack
    -- Executing [s@macro-user-callerid:7] Set("SIP/2001-00000000", "AMPUSERCID= 2001") in new stack
    -- Executing [s@macro-user-callerid:8] Set("SIP/2001-00000000", "CALLERID(al l)="Claudio" <2001>") in new stack
    -- Executing [s@macro-user-callerid:9] ExecIf("SIP/2001-00000000", "0?Set(CH ANNEL(language)=)") in new stack
    -- Executing [s@macro-user-callerid:10] GotoIf("SIP/2001-00000000", "1?conti nue") in new stack
    -- Goto (macro-user-callerid,s,19)
    -- Executing [s@macro-user-callerid:19] NoOp("SIP/2001-00000000", "Using Cal lerID "Claudio" <2001>") in new stack
    -- Executing [650720@from-internal:2] Set("SIP/2001-00000000", "_NODEST=") i n new stack
    -- Executing [650720@from-internal:3] Macro("SIP/2001-00000000", "record-ena ble,2001,OUT,") in new stack
    -- Executing [s@macro-record-enable:1] GotoIf("SIP/2001-00000000", "1?check" ) in new stack
    -- Goto (macro-record-enable,s,4)
    -- Executing [s@macro-record-enable:4] ExecIf("SIP/2001-00000000", "0?MacroE xit()") in new stack
    -- Executing [s@macro-record-enable:5] GotoIf("SIP/2001-00000000", "0?Group: OUT") in new stack
    -- Goto (macro-record-enable,s,15)
    -- Executing [s@macro-record-enable:15] GotoIf("SIP/2001-00000000", "0?IN") in new stack
    -- Executing [s@macro-record-enable:16] ExecIf("SIP/2001-00000000", "1?Macro Exit()") in new stack
    -- Executing [650720@from-internal:4] Macro("SIP/2001-00000000", "dialout-tr unk,2,650720,,") in new stack
    -- Executing [s@macro-dialout-trunk:1] Set("SIP/2001-00000000", "DIAL_TRUNK= 2") in new stack
    -- Executing [s@macro-dialout-trunk:2] GosubIf("SIP/2001-00000000", "0?sub-p incheck,s,1") in new stack
    -- Executing [s@macro-dialout-trunk:3] GotoIf("SIP/2001-00000000", "0?disabl etrunk,1") in new stack
    -- Executing [s@macro-dialout-trunk:4] Set("SIP/2001-00000000", "DIAL_NUMBER =650720") in new stack
    -- Executing [s@macro-dialout-trunk:5] Set("SIP/2001-00000000", "DIAL_TRUNK_ OPTIONS=tr") in new stack
    -- Executing [s@macro-dialout-trunk:6] Set("SIP/2001-00000000", "OUTBOUND_GR OUP=OUT_2") in new stack
    -- Executing [s@macro-dialout-trunk:7] GotoIf("SIP/2001-00000000", "1?nomax" ) in new stack
    -- Goto (macro-dialout-trunk,s,9)
    -- Executing [s@macro-dialout-trunk:9] GotoIf("SIP/2001-00000000", "0?skipou tcid") in new stack
    -- Executing [s@macro-dialout-trunk:10] Set("SIP/2001-00000000", "DIAL_TRUNK _OPTIONS=") in new stack
    -- Executing [s@macro-dialout-trunk:11] Macro("SIP/2001-00000000", "outbound -callerid,2") in new stack
    -- Executing [s@macro-outbound-callerid:1] ExecIf("SIP/2001-00000000", "0?Se t(CALLERPRES()=)") in new stack
    -- Executing [s@macro-outbound-callerid:2] ExecIf("SIP/2001-00000000", "0?Se t(REALCALLERIDNUM=2001)") in new stack
    -- Executing [s@macro-outbound-callerid:3] GotoIf("SIP/2001-00000000", "1?no rmcid") in new stack
    -- Goto (macro-outbound-callerid,s,6)
    -- Executing [s@macro-outbound-callerid:6] Set("SIP/2001-00000000", "USEROUT CID=") in new stack
    -- Executing [s@macro-outbound-callerid:7] Set("SIP/2001-00000000", "EMERGEN CYCID=") in new stack
    -- Executing [s@macro-outbound-callerid:8] Set("SIP/2001-00000000", "TRUNKOU TCID=892000") in new stack
    -- Executing [s@macro-outbound-callerid:9] GotoIf("SIP/2001-00000000", "1?tr unkcid") in new stack
    -- Goto (macro-outbound-callerid,s,12)
    -- Executing [s@macro-outbound-callerid:12] ExecIf("SIP/2001-00000000", "1?S et(CALLERID(all)=892000)") in new stack
    -- Executing [s@macro-outbound-callerid:13] ExecIf("SIP/2001-00000000", "0?S et(CALLERID(all)=)") in new stack
    -- Executing [s@macro-outbound-callerid:14] ExecIf("SIP/2001-00000000", "0?S et(CALLERID(all)=)") in new stack
    -- Executing [s@macro-outbound-callerid:15] ExecIf("SIP/2001-00000000", "0?S et(CALLERPRES()=prohib_passed_screen)") in new stack
    -- Executing [s@macro-dialout-trunk:12] ExecIf("SIP/2001-00000000", "1?AGI(f ixlocalprefix)") in new stack
    -- Launched AGI Script /var/lib/asterisk/agi-bin/fixlocalprefix
    == fixlocalprefix: Dialpattern . matched. 650720 -> 650720
    -- <SIP/2001-00000000>AGI Script fixlocalprefix completed, returning 0
    -- Executing [s@macro-dialout-trunk:13] Set("SIP/2001-00000000", "OUTNUM=650 720") in new stack
    -- Executing [s@macro-dialout-trunk:14] Set("SIP/2001-00000000", "custom=SIP /sip_entel") in new stack
    -- Executing [s@macro-dialout-trunk:15] ExecIf("SIP/2001-00000000", "0?Set(D IAL_TRUNK_OPTIONS=M(setmusic^))") in new stack
    -- Executing [s@macro-dialout-trunk:16] Macro("SIP/2001-00000000", "dialout- trunk-predial-hook,") in new stack
    -- Executing [s@macro-dialout-trunk-predial-hook:1] MacroExit("SIP/2001-0000 0000", "") in new stack
    -- Executing [s@macro-dialout-trunk:17] GotoIf("SIP/2001-00000000", "0?bypas s,1") in new stack
    -- Executing [s@macro-dialout-trunk:18] GotoIf("SIP/2001-00000000", "0?custo mtrunk") in new stack
    -- Executing [s@macro-dialout-trunk:19] Dial("SIP/2001-00000000", "SIP/sip_e ntel/650720,300,") in new stack
    == Using SIP RTP TOS bits 184
    == Using SIP RTP CoS mark 5
    == Everyone is busy/congested at this time (1:0/0/1)
    -- Executing [s@macro-dialout-trunk:20] NoOp("SIP/2001-00000000", "Dial fail ed for some reason with DIALSTATUS = CHANUNAVAIL and HANGUPCAUSE = 20") in new s tack
    -- Executing [s@macro-dialout-trunk:21] Goto("SIP/2001-00000000", "s-CHANUNA VAIL,1") in new stack
    -- Goto (macro-dialout-trunk,s-CHANUNAVAIL,1)
    -- Executing [s-CHANUNAVAIL@macro-dialout-trunk:1] Set("SIP/2001-00000000", "RC=20") in new stack
    -- Executing [s-CHANUNAVAIL@macro-dialout-trunk:2] Goto("SIP/2001-00000000", "20,1") in new stack
    -- Goto (macro-dialout-trunk,20,1)
    -- Executing [20@macro-dialout-trunk:1] Goto("SIP/2001-00000000", "continue, 1") in new stack
    -- Goto (macro-dialout-trunk,continue,1)
    -- Executing [continue@macro-dialout-trunk:1] GotoIf("SIP/2001-00000000", "1 ?noreport") in new stack
    -- Goto (macro-dialout-trunk,continue,3)
    -- Executing [continue@macro-dialout-trunk:3] NoOp("SIP/2001-00000000", "TRU NK Dial failed due to CHANUNAVAIL HANGUPCAUSE: 20 - failing through to other tru nks") in new stack
    -- Executing [continue@macro-dialout-trunk:4] Set("SIP/2001-00000000", "CALL ERID(number)=2001") in new stack
    -- Executing [650720@from-internal:5] Macro("SIP/2001-00000000", "outisbusy, ") in new stack
    -- Executing [s@macro-outisbusy:1] Progress("SIP/2001-00000000", "") in new stack
    -- Executing [s@macro-outisbusy:2] GotoIf("SIP/2001-00000000", "0?emergency, 1") in new stack
    -- Executing [s@macro-outisbusy:3] GotoIf("SIP/2001-00000000", "0?intracompa ny,1") in new stack
    -- Executing [s@macro-outisbusy:4] Playback("SIP/2001-00000000", "all-circui ts-busy-now&pls-try-call-later, noanswer") in new stack
    -- <SIP/2001-00000000> Playing 'all-circuits-busy-now.gsm' (language 'en')
    -- <SIP/2001-00000000> Playing 'pls-try-call-later.gsm' (language 'en')
    == Spawn extension (macro-outisbusy, s, 4) exited non-zero on 'SIP/2001-000000 00' in macro 'outisbusy'
    == Spawn extension (from-internal, 650720, 5) exited non-zero on 'SIP/2001-000 00000'
    -- Executing [h@from-internal:1] Macro("SIP/2001-00000000", "hangupcall") in new stack
    -- Executing [s@macro-hangupcall:1] GotoIf("SIP/2001-00000000", "1?noautomon ") in new stack
    -- Goto (macro-hangupcall,s,3)
    -- Executing [s@macro-hangupcall:3] NoOp("SIP/2001-00000000", "TOUCH_MONITOR _OUTPUT=") in new stack
    -- Executing [s@macro-hangupcall:4] GotoIf("SIP/2001-00000000", "1?noautomon 2") in new stack
    -- Goto (macro-hangupcall,s,6)
    -- Executing [s@macro-hangupcall:6] NoOp("SIP/2001-00000000", "MONITOR_FILEN AME=") in new stack
    -- Executing [s@macro-hangupcall:7] GotoIf("SIP/2001-00000000", "1?skiprg") in new stack
    -- Goto (macro-hangupcall,s,10)
    -- Executing [s@macro-hangupcall:10] GotoIf("SIP/2001-00000000", "1?skipblkv m") in new stack
    -- Goto (macro-hangupcall,s,13)
    -- Executing [s@macro-hangupcall:13] GotoIf("SIP/2001-00000000", "1?theend") in new stack
    -- Goto (macro-hangupcall,s,15)
    -- Executing [s@macro-hangupcall:15] Hangup("SIP/2001-00000000", "") in new stack
    == Spawn extension (macro-hangupcall, s, 15) exited non-zero on 'SIP/2001-0000 0000' in macro 'hangupcall'
    == Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/2001-00000000


    Se me acaban las ideas, ojala me puedan echar alguna mano, les comento que desactivé los firewalls pensando que podía estar bloqueando los puertos 5060 y los de rtp

    Saludos

    y Gracias
     
  2. fmvillares

    Joined:
    Sep 8, 2007
    Messages:
    1,785
    Likes Received:
    0
    redireccionaste solo el sip y el sonido por el rtp donde esta???
     
  3. GuayO!

    Joined:
    Feb 18, 2011
    Messages:
    10
    Likes Received:
    0
    Estimado.

    A donde tengo que redireccionar esos puertos, a mi enlace de internet o a mi LAN.

    iptables -t nat -A PREROUTING -i eth2 -p UDP --dport 10000:20000 -j DNAT --to 192.168.100.201

    Saludos y gracias por darte el tiempo de responder.

    Claudio Urey
     
  4. fmvillares

    Joined:
    Sep 8, 2007
    Messages:
    1,785
    Likes Received:
    0
    lo mismo que hiciste en el 5060 pero con los de rtp
     
  5. GuayO!

    Joined:
    Feb 18, 2011
    Messages:
    10
    Likes Received:
    0
    Estimado

    He escrito los siguientes comandos.

    [root@200-54-156-100 ~]# iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5060:5080 -j DNAT --to 192.168.16.11
    [root@200-54-156-100 ~]# iptables -t nat -A PREROUTING -i eth0 -p udp --dport 10000:20000 -j DNAT --to 192.168.16.11

    En mi firewall, pero sigo sin tener audio. :(
     
  6. fmvillares

    Joined:
    Sep 8, 2007
    Messages:
    1,785
    Likes Received:
    0
    etnes qeu ser mas explicito no veo asi a simple vista razones de todas frmas con ip tables me agarraste ya que yo uso firewalls de hardware no maquinas por soft
     
  7. Luis Diego

    Joined:
    Nov 1, 2010
    Messages:
    237
    Likes Received:
    0
    intenta con tcp y udp en tu iptables:

    [root@200-54-156-100 ~]# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5060:5080 -j DNAT --to 192.168.16.11
    [root@200-54-156-100 ~]# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 10000:20000 -j DNAT --to 192.168.16.11

    Fernando que firewall usas???
     
  8. GuayO!

    Joined:
    Feb 18, 2011
    Messages:
    10
    Likes Received:
    0
    Estimado.

    Intente lo que me dijistes, pero sigo sin audio.

    Help!

    Buenos, para que se hagan una idea.

    Esta es mi Red.

    Asterisk 2 tarjetas de red 192.168.100.200 y 192.168.16.11
    Firewall 192.168.16.250
    Enlace de Internet 190.151.93.233

    Una de las puertas del asterisk se conectar con el firewall y la otra director al router que me da el servicio de Trunk IP.

    Asterisk ----> Firewall ----> Enlace de Internet
    Asterisk ----> Router ISP Trunk

    Abrí los puertos del firewall, y le indiqué que los paquetes UDP, los llevará a la IP 192.168.16.11

    Mi duda es, ¿Los paquetes que llegan a mi Asterisk por la 192.168.16.11, se tienen que redireccionar a la 192.168.100.200, que es mi otra tarjeta de red, que me da el enlace de voz?

    Saludos.
     
  9. fmvillares

    Joined:
    Sep 8, 2007
    Messages:
    1,785
    Likes Received:
    0
    tenes q agregar las rutas estaticas entre las 2 redes...
     
  10. Luis Diego

    Joined:
    Nov 1, 2010
    Messages:
    237
    Likes Received:
    0
    haber intenta dandole ping si te responde.
     

Share This Page