Router Ports to open in order to establish remote SIP calls

[cmrabet]

Hi,

 

Remote users throught sofphones can register into our PBXnSIP server, we also can dial each other, we can hear the ringing, however when we pick up the phones we can't hear each other.

 

I found out that when the remote users logs into our VPN network (where the PBXnSIP server is), and they put in their SoftPhones "realm" parameter the privete PBXnSIP server IP, then WE CAN hear each other. However when they are not into the VPN they can just ring.

 

So far our static public IP is routing the following ports to the private IP used by our PBXnSIP server:

 

- SIP 5060

- SIP 5061

 

But I am pretty sure that these ports are not enough. Could you please let me know which ports should we open in our router and forward them to the PBXnSIP server in order to establish SIP remote calls?

 

Thanks and regards,

[pbx support]

Hi,

 

Remote users throught sofphones can register into our PBXnSIP server, we also can dial each other, we can hear the ringing, however when we pick up the phones we can't hear each other.

 

I found out that when the remote users logs into our VPN network (where the PBXnSIP server is), and they put in their SoftPhones "realm" parameter the privete PBXnSIP server IP, then WE CAN hear each other. However when they are not into the VPN they can just ring.

 

So far our static public IP is routing the following ports to the private IP used by our PBXnSIP server:

 

- SIP 5060

- SIP 5061

 

But I am pretty sure that these ports are not enough. Could you please let me know which ports should we open in our router and forward them to the PBXnSIP server in order to establish SIP remote calls?

 

Thanks and regards,

 

Please check out the RTP ports range under Admin->Settings->Ports page

[cmrabet]

Please check out the RTP ports range under Admin->Settings->Ports page

 

Well I checked these ports and they are from 49152 to 64512.

 

Also I made sure that from our router these ports are being forwarded to the PBXnSIP computer, however when from outside sombody tries to check one of those ports it appears as closed. So I wanted to investigate a little bit more; I logged into the PBXnSIP server, I made a "netstat -a" command, and I noticed that none of those ports were under "LISTENING", but the SIP ports, the SMTP ports, etc... were, so I think the origin of this issue is not the router configuration, but the PBXnSIP setup up.

 

Any ideas?

 

Thanks.

[shopcomputer]

Well I checked these ports and they are from 49152 to 64512.

 

Also I made sure that from our router these ports are being forwarded to the PBXnSIP computer, however when from outside sombody tries to check one of those ports it appears as closed. So I wanted to investigate a little bit more; I logged into the PBXnSIP server, I made a "netstat -a" command, and I noticed that none of those ports were under "LISTENING", but the SIP ports, the SMTP ports, etc... were, so I think the origin of this issue is not the router configuration, but the PBXnSIP setup up.

 

Any ideas?

 

Thanks.

These ports are UDP, not TCP, so a telnet to these ports won't show. They must be forwarded to the pbxnsip server. Also you may want to get a SIP aware router.

[cmrabet]

These ports are UDP, not TCP, so a telnet to these ports won't show. They must be forwarded to the pbxnsip server. Also you may want to get a SIP aware router.

 

Well actually we are using DD-WRT in a Cisco router, so I think it is already prepared for that, in fact the SIP signaling ports are already working.

 

Still no sound during the calls.

[shopcomputer]

Well actually we are using DD-WRT in a Cisco router, so I think it is already prepared for that, in fact the SIP signaling ports are already working.

 

Still no sound during the calls.

What model router are you using? Did you forward the RTP UDP port to the pbxnsip? This is definetly I firewall/ router issue.

 

YYou may also want to check http://wiki.pbxnsip.com/index.php/Office_w...ic_IP_addresses

[cmrabet]

What model router are you using? Did you forward the RTP UDP port to the pbxnsip? This is definetly I firewall/ router issue.

 

YYou may also want to check http://wiki.pbxnsip.com/index.php/Office_w...ic_IP_addresses

 

From the PBXnSIP side (A computer based in Ubuntu Server 8.10 Intrepid) the IPTABLES is not blocking any port.

 

Form the router side I am already forwarding ports 49152-64512 to the IP where the PBXnSIP computer is, in fact I am doing the same with ports 5060 and 5061 in the same way and they are working.

 

My Router model is WRT-54G (Linux version, 4.0).

 

Regards,

[shopcomputer]

From the PBXnSIP side (A computer based in Ubuntu Server 8.10 Intrepid) the IPTABLES is not blocking any port.

 

Form the router side I am already forwarding ports 49152-64512 to the IP where the PBXnSIP computer is, in fact I am doing the same with ports 5060 and 5061 in the same way and they are working.

 

My Router model is WRT-54G (Linux version, 4.0).

 

Regards,

The ports you are forwarding TCP or UDP or both?

[cmrabet]

The ports you are forwarding TCP or UDP or both?

 

For RTP both just in case.

[cmrabet]

For RTP both just in case.

 

I saw the link in the wiki and I am really afraid of changing the route tables, I really need help on this guys if it is the only way.

 

On the other hand I can't do DMZ since the same computer where the PBXnSIP is there is our web site server (port 80 is forwarded from our public IP). We are 3 extensions with 3-4 calls per day so we just mounted both servers in a last generation computer.

[cmrabet]

I saw the link in the wiki and I am really afraid of changing the route tables, I really need help on this guys if it is the only way.

 

On the other hand I can't do DMZ since the same computer where the PBXnSIP is there is our web site server (port 80 is forwarded from our public IP). We are 3 extensions with 3-4 calls per day so we just mounted both servers in a last generation computer.

 

This is my "route" command result from the PBXnSIP server console:

 

Destination Gateway Genmask Flags Metric Ref Use Iface

192.168.1.0 * 255.255.255.0 U 0 0 0 eth0

default Linksys 0.0.0.0 UG 100 0 0 eth0

 

However I don't understand why should I delete the "default" route entry and what should I add instead.

 

Thanks.

[shopcomputer]

This is my "route" command result from the PBXnSIP server console:

 

Destination Gateway Genmask Flags Metric Ref Use Iface

192.168.1.0 * 255.255.255.0 U 0 0 0 eth0

default Linksys 0.0.0.0 UG 100 0 0 eth0

 

However I don't understand why should I delete the "default" route entry and what should I add instead.

 

Thanks.

 

You should not need to play with your route. You may want to check your softphone to see if it is using any special ports.

I have it working through many routers including some linksys, though I never tried the linux version.

 

Attached please find a sample port forward from a router.

[cmrabet]

You should not need to play with your route. You may want to check your softphone to see if it is using any special ports.

I have it working through many routers including some linksys, though I never tried the linux version.

 

Attached please find a sample port forward from a router.

 

The same as I already have, look at the picture attached;

[shopcomputer]

The same as I already have, look at the picture attached;

From your image, it appears thar you are also behind a second firewall or router, as it says your wan IP is 192.168.2.2, which is a private IP.

[cmrabet]

From your image, it appears thar you are also behind a second firewall or router, as it says your wan IP is 192.168.2.2, which is a private IP.

 

Yes, your are right; The router is actually behind the DSL modem which is acting just in bridge mode, so no firewall no routing operations.

 

Our setup is as follows:

 

DSL (internet)->DSL modem (actually DSL modem & Router in bridge mode) -> Router (The Lynksys router)

PUBLIC IP -> 192.168.2.1 -> 198.168.1.1

 

Anyway, I am going to check the ADSL modem, but I didn't have to check anything while opening the 5060 ports and they work properly.

 

Regards.

[shopcomputer]

Yes, your are right; The router is actually behind the DSL modem which is acting just in bridge mode, so no firewall no routing operations.

 

Our setup is as follows:

 

DSL (internet)->DSL modem (actually DSL modem & Router in bridge mode) -> Router (The Lynksys router)

PUBLIC IP -> 192.168.2.1 -> 198.168.1.1

 

Anyway, I am going to check the ADSL modem, but I didn't have to check anything while opening the 5060 ports and they work properly.

 

Regards.

Bridge mode should not assign the 2.1 address to your router, your router should be assigned the public IP, staticly, DHCP or PPPOE. double NAT with SIP which is not NAT friendly, is a NO NO.