Results 1 to 9 of 9
  1. #1
    Untanglit
    Join Date
    May 2008
    Posts
    19

    Default Outbound SIP Traffic Issue

    I've got a trixbox CE behind my untangle firewall in Router mode. My voip provider is bandwidth.com

    Gateway - 192.167.167.1
    Trixbox - 192.167.167.108
    External IP - 75.149.216.194
    Bandwidth - 216.82.224.202

    Inbound calls work fine. However, I cannot get outbound calls to leave the trixbox. Sip helper is disabled. I modified sip_nat.conf per below.

    sip_nat.conf
    externip = 75.149.216.194
    localnet=192.167.167.108/255.255.255.0

    I've added bypass rules for 5060 - 5082 and 10000-20000.

    I did a tcp dump of the LAN and got the following:

    tcpdump -n -s 0 -A -i eth1 port 5060

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
    13:00:33.908384 IP 192.167.167.108.5060 > 216.82.224.202.5060: SIP, length: 873
    E`...N..@......l.R.......q.fINVITE sip:+13122066211@216.82.224.202 SIP/2.0
    Via: SIP/2.0/UDP 75.149.216.194:5060;branch=z9hG4bK7ba9ca7b;rport
    Max-Forwards: 70
    From: "Drew Friestedt" <sip:3122128166@75.149.216.194>;tag=as2510577c
    To: <sip:+13122066211@216.82.224.202>
    Contact: <sip:3122128166@75.149.216.194>
    Call-ID: 579f0c581185d73a1dde1fc257211e4b@75.149.216.194
    CSeq: 102 INVITE
    User-Agent: Asterisk PBX 1.6.0.10-FONCORE-r40
    Date: Tue, 11 May 2010 18:00:33 GMT
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
    Supported: replaces, timer
    Content-Type: application/sdp
    Content-Length: 278

    v=0
    o=root 649130949 649130949 IN IP4 75.149.216.194
    s=Asterisk PBX 1.6.0.10-FONCORE-r40
    c=IN IP4 75.149.216.194
    t=0 0
    m=audio 19392 RTP/AVP 0 101
    a=rtpmap:0 PCMU/8000
    a=rtpmap:101 telephone-event/8000
    a=fmtp:101 0-16
    a=silenceSuppff - - - -
    a=ptime:20
    a=sendrecv

    13:00:33.908467 IP 192.167.167.1.1024 > 192.167.167.108.5060: SIP, length: 873
    E`...N..?..........l.....q!.INVITE sip:+13122066211@216.82.224.202 SIP/2.0
    Via: SIP/2.0/UDP 75.149.216.194:5060;branch=z9hG4bK7ba9ca7b;rport
    Max-Forwards: 70
    From: "Drew Friestedt" <sip:3122128166@75.149.216.194>;tag=as2510577c
    To: <sip:+13122066211@216.82.224.202>
    Contact: <sip:3122128166@75.149.216.194>
    Call-ID: 579f0c581185d73a1dde1fc257211e4b@75.149.216.194
    CSeq: 102 INVITE
    User-Agent: Asterisk PBX 1.6.0.10-FONCORE-r40
    Date: Tue, 11 May 2010 18:00:33 GMT
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
    Supported: replaces, timer
    Content-Type: application/sdp
    Content-Length: 278

    v=0
    o=root 649130949 649130949 IN IP4 75.149.216.194
    s=Asterisk PBX 1.6.0.10-FONCORE-r40
    c=IN IP4 75.149.216.194
    t=0 0
    m=audio 19392 RTP/AVP 0 101
    a=rtpmap:0 PCMU/8000
    a=rtpmap:101 telephone-event/8000
    a=fmtp:101 0-16
    a=silenceSuppff - - - -
    a=ptime:20
    a=sendrecv

    13:00:33.910383 IP 192.167.167.108.5060 > 192.167.167.1.1024: SIP, length: 554
    E`.F....@......l.........2..SIP/2.0 482 Loop Detected
    Via: SIP/2.0/UDP 75.149.216.194:5060;branch=z9hG4bK7ba9ca7b;received=192.167.167.1;rport=1024
    From: "Drew Friestedt" <sip:3122128166@75.149.216.194>;tag=as2510577c
    To: <sip:+13122066211@216.82.224.202>;tag=as2510577c
    Call-ID: 579f0c581185d73a1dde1fc257211e4b@75.149.216.194
    CSeq: 102 INVITE
    User-Agent: Asterisk PBX 1.6.0.10-FONCORE-r40
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
    Supported: replaces, timer
    Content-Length: 0
    X-Asterisk-HangupCause: User busy
    X-Asterisk-HangupCauseCode: 17


    13:00:33.910437 IP 216.82.224.202.5060 > 192.167.167.108.5060: SIP, length: 554
    E`.F....?....R.....l.....2-.SIP/2.0 482 Loop Detected
    Via: SIP/2.0/UDP 75.149.216.194:5060;branch=z9hG4bK7ba9ca7b;received=192.167.167.1;rport=1024
    From: "Drew Friestedt" <sip:3122128166@75.149.216.194>;tag=as2510577c
    To: <sip:+13122066211@216.82.224.202>;tag=as2510577c
    Call-ID: 579f0c581185d73a1dde1fc257211e4b@75.149.216.194
    CSeq: 102 INVITE
    User-Agent: Asterisk PBX 1.6.0.10-FONCORE-r40
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
    Supported: replaces, timer
    Content-Length: 0
    X-Asterisk-HangupCause: User busy
    X-Asterisk-HangupCauseCode: 17


    13:00:33.910631 IP 192.167.167.108.5060 > 216.82.224.202.5060: SIP, length: 438
    E`...O..@..:...l.R........-.ACK sip:+13122066211@216.82.224.202 SIP/2.0
    Via: SIP/2.0/UDP 75.149.216.194:5060;branch=z9hG4bK7ba9ca7b;rport
    Max-Forwards: 70
    From: "Drew Friestedt" <sip:3122128166@75.149.216.194>;tag=as2510577c
    To: <sip:+13122066211@216.82.224.202>;tag=as2510577c
    Contact: <sip:3122128166@75.149.216.194>
    Call-ID: 579f0c581185d73a1dde1fc257211e4b@75.149.216.194
    CSeq: 102 ACK
    User-Agent: Asterisk PBX 1.6.0.10-FONCORE-r40
    Content-Length: 0


    13:00:33.910665 IP 192.167.167.1.1024 > 192.167.167.108.5060: SIP, length: 438
    E`...O..?..........l........ACK sip:+13122066211@216.82.224.202 SIP/2.0
    Via: SIP/2.0/UDP 75.149.216.194:5060;branch=z9hG4bK7ba9ca7b;rport
    Max-Forwards: 70
    From: "Drew Friestedt" <sip:3122128166@75.149.216.194>;tag=as2510577c
    To: <sip:+13122066211@216.82.224.202>;tag=as2510577c
    Contact: <sip:3122128166@75.149.216.194>
    Call-ID: 579f0c581185d73a1dde1fc257211e4b@75.149.216.194
    CSeq: 102 ACK
    User-Agent: Asterisk PBX 1.6.0.10-FONCORE-r40
    Content-Length: 0


    However, while monitoring WAN at the same time
    tcpdump -n -s 0 -A -i eth0 port 5060

    I see no traffic. trixbox is not passing SIP traffic to the WAN. Any idea why?

    Drew

  2. #2
    Untangle Ninja proactivens's Avatar
    Join Date
    Sep 2008
    Location
    Greensburg, Pa
    Posts
    2,362

    Default

    local net is supposed to be 192.167.167.0 /255.255.255.0
    Are your trunks registering properly? Are your outbound routes configured correctly? Post your outbound routes so I can have a look at the config.

    Also, all the ports are UDP, not TCP
    www.nexgenappliances.com
    Toll Free: 866-794-8879
    UNTANGLE STAR PARTNER
    Follow us at spiceworks!

  3. #3
    Untanglit
    Join Date
    May 2008
    Posts
    19

    Default

    I've tried it both ways, but changed back to 192.167.167.0.
    Trunks are registered properly. I hired Bandwidth professional services to check them.
    Not sure on outbound routes. Routes are as follows - see attached.
    I opened TCP and UDP just to be sure.

    Thx for help!
    Drew

  4. #4
    Untangle Ninja proactivens's Avatar
    Join Date
    Sep 2008
    Location
    Greensburg, Pa
    Posts
    2,362

    Default

    I mean the outbound routes on the trixbox. Feel free to give me a call to talk about it. I am running trixbox and have been for some time now. Phone #'s in my sig.
    www.nexgenappliances.com
    Toll Free: 866-794-8879
    UNTANGLE STAR PARTNER
    Follow us at spiceworks!

  5. #5
    Untanglit
    Join Date
    May 2008
    Posts
    19

    Default

    Peer Details

    allow=ulaw
    canreinvite=no
    disallow=all
    dtmfmode=rfc2833
    host=216.82.224.202
    port=5060
    type=peer

    However, I cannot see SIP traffic on UDP 5060 even hitting the WAN, so I don't even get a chance to check if the peer details are correct.

    I've tried this with turning everything in UT off - firewall, etc... and still cannot pass traffic from the LAN to the WAN on udp 5060.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Default

    Untangle, config -> networking -> advanced -> general.

    Make sure you've unticked the box next to enable SIP NAT helper. If you have to turn it off, you have to reboot Untangle to make the setting sick.

    If you've not turn that setting off, you've got your PBX AND Untangle trying to fix the packets for NAT translation...
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untanglit
    Join Date
    May 2008
    Posts
    19

    Default

    I figured out the problem (after countless hours....). for some reason, I needed to add a firewall rule that specifically allowed outbound traffic from the Trixbox IP to any location (despite my catch all rule allowing traffic from any internal location to any external location). you would think turning off the firewall would have allowed outbound traffic from the trixbox, but that did not work.

  8. #8
    Untangle Ninja proactivens's Avatar
    Join Date
    Sep 2008
    Location
    Greensburg, Pa
    Posts
    2,362

    Default

    glad you got it working
    www.nexgenappliances.com
    Toll Free: 866-794-8879
    UNTANGLE STAR PARTNER
    Follow us at spiceworks!

  9. #9
    Newbie
    Join Date
    Apr 2010
    Posts
    2

    Default

    Hi dfriestedt
    I have the same problem. Could you post the exact rule used?
    Thanks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2