Nat – How to forward range of ports in FreeBSD

asterisknat;port-forwarding

I am trying to configure asterisk PBX behind my FreeBSD router.
To allow other sip clients to call I need to forward ports to my local network asterisk machine.
I did it for 5060 and 5061 ports using ipnat and configuring ipnat.rules

rdr fxp0 217.199.MYIP.MYIP/32 port 5061 -> 192.168.1.7 port 5061 udp

But I do not know how I can redirect UDP port range from 60000 to 610000 and also port
range UDP Port 10000 – 20000

Best Answer

With PF, you could do it with variables.

myports = "{ 22 25 2022 2222 8000 }" rdr on $ext_if proto udp from any to $ext_if port $myports -> 192.168.1.7

...or something.

Related Solutions

Skype Connect as SIP/Trunk for Asterisk

Ok I finally fixed it thanks to Skype Tech support and an Asterisk Ninja :)

This is what must be in sip.conf in order for Skype connect to work:

register => SKYPE_CONNECT_ID:SKYPE_CONNECT_PASS@sip.skype.com/SKYPE_CONNECT_ID

That Register line MUST be near the begining of the file, where the "register =>" examples are.

Skype Trunk details (near the end of sip.conf or at the end):

[skype]
type=friend
context=from-skype
username=SKYPE_CONNECT_ID
secret=SKYPE_CONNECT_PASS
canreinvite=no
insecure=port,invite
dtmfmode=rfc2833
host=sip.skype.com
nat=no
qualify=yes
fromuser=SKYPE_CONNECT_ID
fromdomain=sip.skype.com
disallow=all
allow=g729
allow=ulaw
allow=alaw

Note: If you are using Asterisk-gui, you can do all of this through the gui.
When setting up the SIP trunk, you need to go back and edit it, because edit reveals more options for you to put in.
Fill out:
Hostname: sip.skype.com
Username: SKYPE_CONNECT_ID
Password: SKYPE_CONNECT_PASSWORD
Codecs: G729, Ulaw, Alaw
Fromdomain: sip.skype.com
Fromuser: SKYPE_CONNECT_ID

There is one more hidden option that you must set in order for INCOMING call Options/Advanced/Show hidden options

With this setup, outgoing calls should work. Remeber to make the outgoing rule so that you get an international number out. My example in asterisk-gui.
US office calls only US numbers.
Outgoing rule: _XXXXXXXXXX
Prepend: +

Same thing with bare-bones asterisk: (extensions.conf)

exten => _X.,n,Dial(SIP/skype/+1${EXTEN},90)

In the example above, there is a skype trunk defined in sip.conf

After this. Everything worked fine. Now I seem to have some other problems :)

Cisco ASA 5505 – NAT or Port Forward for SIP / VoIP ver 8.4

You don't have to explicitly forward RTP ports (>1024) as you have sip inspect turned on. When a SIP INVITE comes through, the router will open the appropriate RTP ports for the duration of the call.

As far as NATing SIP, you are missing the NAT command, and the access-list entry:

! this should be tightened to allow traffic only from your telephone company, or 
! people with bad intent will happily place international calls on your account
access-list outside_access_in extended permit udp any host 192.168.3.150 eq 5060 
! nat 5060 to 5060
object network NEC_DSX
 nat (inside,outside) static interface service udp 5060 5060

Though it is not needed, the proper syntax to forward a range is:

object service rtp-1024-1215 
 service udp source range 1024 1215
object network NEC_DSX_RTP
 host 192.168.3.150
 nat (inside,outside) static interface service rtp-1024-1215 rtp-1024-1215

Best Answer

Related Solutions

Skype Connect as SIP/Trunk for Asterisk

Cisco ASA 5505 – NAT or Port Forward for SIP / VoIP ver 8.4

Related Topic