Untangle Blocking SIP Registration

Cpoc · 06-24-2009, 01:15 PM

Ok here is my setup.

Running untangle 6.1 and my modem from ISP is set to bridge mode. My ISP is using PPPOE. Untangle is the gateway and firewall at 192.168.3.1. My Asterisk box is behind untangle's lan at 192.168.3.20.

I have tried different firewall port forward rules but nothing works. My asterisk box cannot register to my Voip provider. I did some tests with my Voip provider and removed Asterisk from untangles lan and put it directly at the modem. I had to remove the bridge mode for this test and enabled the DHCP server in my modem. The Asterisk box registered right away also did the X-Light software from my laptop the was also connected to the modem for this test.

So I know 100% it's not an issue with my Voip provider and is with untangle's firewall settings.

I have searched these forums but could not find my solution. The Bypass rules are set at default. So I believe my port forward is not working correctly.

If anybody has Asterisk working behind untangle please explain how you did this.

I have been hours searching and pulling my hair at this point I don't have much hair too pull.

Please help..

sky-knight · 06-24-2009, 01:37 PM

Quote:

Originally Posted by Cpoc

So I know 100% it's not an issue with my Voip provider and is with untangle's firewall settings.

Not actually true.

What you are dealing with is NAT, SIP + NAT = Large Pain.

Config -> Networking -> Advanced -> Bypass

Untick the box that says "enable SIP Nat Helper" and then you can configure your Asterisk Box to do the NAT juggling for you.

If you currently have your asterisk box doing nat adjustments, you can also try try turning the features off and see if the UT juggles it for you.

Beyond that, it's a bit beyond the scope of the untangle forums to go over the insanity that is the sip protocol with NAT in the way.

Cpoc · 06-24-2009, 01:46 PM

I have left the advanced settings as default but I am going to do what you ask.
I will uncheck "enable SIP NAT Helper"

As for port forwarding rules what do you suggest.

Thanks again for responding so quickly.

sky-knight · 06-24-2009, 01:50 PM

Well you need to check the documentation on your phone switch.

SIP runs on UDP 5060 by default, but then the audio goes over RTP which is some kind of port range. 10000-20000 is the default, and the normal for SwitchVOX but Asterisk in general is a very wide beast. So once you get into that world... you're just going to have to attack the manual regarding NAT on the PBX and see what you turn up.

Incidentally there is a bypass rule for SIP by default, but this doesn't cover RTP, so you need to create a bypass rule to match the port forward for RTP so the UVM doesn't make your sound skip.

Cpoc · 06-24-2009, 01:54 PM

I tried your suggestion but still does not work.

As for my port forward rules I have....they may be wrong

Destination Port > 5060
Source Interface > Internal
Protocol > UDP
New Destination > 192.168.3.20

Cpoc · 06-24-2009, 02:01 PM

Is my port forwarding rule correct

What other suggestion you suggest. Some say putting on DMZ would solve problem others say DMZ would be worse.

I am running PBXInaFlash as my Asterisk server.

sky-knight · 06-24-2009, 02:42 PM

Quote:

Originally Posted by Cpoc

I tried your suggestion but still does not work.

As for my port forward rules I have....they may be wrong

Destination Port > 5060
Source Interface > Internal
Protocol > UDP
New Destination > 192.168.3.20

Yeah that's wrong.

Try this

Destination Port 5060
Source Interface External
Protocol UDP
Destined Local
New Destination *blah*

Cpoc · 06-24-2009, 02:58 PM

It sill won't register. I have tried with the Sip Nat Helpers enabled and disabled.

I even commented out my sip_nat.conf settings.

externhost=xxxxx.dyndns.org
localnet=192.168.3.0/255.255.255.0
nat=yes
externrefresh=120

It just won't connect at all. If I remove Asterisk from untangle and put it directly with unbridged modem it works perfectly.

I also have iptables and firewall disabled in my Asterisk.

I don't know what else to try. If there is anybody out there that got Asterisk to work with Untangle please share as I don't have much hair left to pull. Ah well it least it's summer time and I can go with the bald look again...

Just frustrated....

I'll try the pbxinaflash forums....

Thanks again sky-knight for the suggestions and proper port forward config.

Cpoc · 06-24-2009, 03:26 PM

I solved it..

Sky-knight you were right with the "Sip Nat Helpers" solution.

The problem was when you untick "Sip Nat helpers" untangle requires a reboot. I had rebooted the Asterisk server several times and it never worked. Then I decided to reboot the untangle server and Bingo....problem solved.

I left the sip_nat.conf the same. I don't believe it, I wasted a good part of a day trying to solve this issue reading for hours with no solutions. Now becuase of a stupid tick box I don't have much hair....at least the weather is hot now so hair not needed.. lol

Thanks again sky-knight...

I'm happy now....going to out now.....and my Voip is working behind untangle...

Gasmanz · 07-22-2009, 07:03 PM

I have Untangle 6.2 running and there is no "Sip Nat Helpers" option in the Bypass Rules.

Is there a reason why this would be missing?

I need this to be turned off as soon as possible.

Help.....

06-24-2009, 01:15 PM	#1 (permalink)
Cpoc Untanglit Join Date: Apr 2009 Posts: 10	Untangle Blocking SIP Registration Ok here is my setup. Running untangle 6.1 and my modem from ISP is set to bridge mode. My ISP is using PPPOE. Untangle is the gateway and firewall at 192.168.3.1. My Asterisk box is behind untangle's lan at 192.168.3.20. I have tried different firewall port forward rules but nothing works. My asterisk box cannot register to my Voip provider. I did some tests with my Voip provider and removed Asterisk from untangles lan and put it directly at the modem. I had to remove the bridge mode for this test and enabled the DHCP server in my modem. The Asterisk box registered right away also did the X-Light software from my laptop the was also connected to the modem for this test. So I know 100% it's not an issue with my Voip provider and is with untangle's firewall settings. I have searched these forums but could not find my solution. The Bypass rules are set at default. So I believe my port forward is not working correctly. If anybody has Asterisk working behind untangle please explain how you did this. I have been hours searching and pulling my hair at this point I don't have much hair too pull. Please help..

06-24-2009, 01:50 PM	#4 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 7 Posts: 9,951	Well you need to check the documentation on your phone switch. SIP runs on UDP 5060 by default, but then the audio goes over RTP which is some kind of port range. 10000-20000 is the default, and the normal for SwitchVOX but Asterisk in general is a very wide beast. So once you get into that world... you're just going to have to attack the manual regarding NAT on the PBX and see what you turn up. Incidentally there is a bypass rule for SIP by default, but this doesn't cover RTP, so you need to create a bypass rule to match the port forward for RTP so the UVM doesn't make your sound skip. __________________ Intouch Technology Rob Sandling, BS:SWE, MCP Office: 480-272-9889 rob@intouchtechllc.com

06-24-2009, 01:46 PM	#3 (permalink)
Cpoc Untanglit Join Date: Apr 2009 Posts: 10	I have left the advanced settings as default but I am going to do what you ask. I will uncheck "enable SIP NAT Helper" As for port forwarding rules what do you suggest. Thanks again for responding so quickly.

06-24-2009, 01:54 PM	#5 (permalink)
Cpoc Untanglit Join Date: Apr 2009 Posts: 10	I tried your suggestion but still does not work. As for my port forward rules I have....they may be wrong Destination Port > 5060 Source Interface > Internal Protocol > UDP New Destination > 192.168.3.20

06-24-2009, 02:01 PM	#6 (permalink)
Cpoc Untanglit Join Date: Apr 2009 Posts: 10	Is my port forwarding rule correct What other suggestion you suggest. Some say putting on DMZ would solve problem others say DMZ would be worse. I am running PBXInaFlash as my Asterisk server.

06-24-2009, 02:58 PM	#8 (permalink)
Cpoc Untanglit Join Date: Apr 2009 Posts: 10	It sill won't register. I have tried with the Sip Nat Helpers enabled and disabled. I even commented out my sip_nat.conf settings. externhost=xxxxx.dyndns.org localnet=192.168.3.0/255.255.255.0 nat=yes externrefresh=120 It just won't connect at all. If I remove Asterisk from untangle and put it directly with unbridged modem it works perfectly. I also have iptables and firewall disabled in my Asterisk. I don't know what else to try. If there is anybody out there that got Asterisk to work with Untangle please share as I don't have much hair left to pull. Ah well it least it's summer time and I can go with the bald look again... Just frustrated.... I'll try the pbxinaflash forums.... Thanks again sky-knight for the suggestions and proper port forward config.

06-24-2009, 03:26 PM	#9 (permalink)
Cpoc Untanglit Join Date: Apr 2009 Posts: 10	I solved it.. Sky-knight you were right with the "Sip Nat Helpers" solution. The problem was when you untick "Sip Nat helpers" untangle requires a reboot. I had rebooted the Asterisk server several times and it never worked. Then I decided to reboot the untangle server and Bingo....problem solved. I left the sip_nat.conf the same. I don't believe it, I wasted a good part of a day trying to solve this issue reading for hours with no solutions. Now becuase of a stupid tick box I don't have much hair....at least the weather is hot now so hair not needed.. lol Thanks again sky-knight... I'm happy now....going to out now.....and my Voip is working behind untangle...

07-22-2009, 07:03 PM	#10 (permalink)
Gasmanz Newbie Join Date: Oct 2008 Posts: 2	I have Untangle 6.2 running and there is no "Sip Nat Helpers" option in the Bypass Rules. Is there a reason why this would be missing? I need this to be turned off as soon as possible. Help.....