cannot get SIP Phone to work over iptables firewall
I am using a iptables firewall based on Debian Etch and so far have been running against a wall getting my Gigaset C470 IP running.
I can make it ring on both sides, so it registers fine on port 5060 with the sip provider server, but then there is no audio going through, from neither side to the other.
I know that you need the module ip_conntrack_sip loaded on the iptables machine, but so far that has helped nothing. Finding out which ports SIP uses is a needle in the haystack. Using fwbuilder to configure iptables, I have opened SIP, RTP and RTCP ports, tried to forward them directly to the device (through the NAT tab in fwbuilder, which is how you should do it, right?)
I know that the NAT is to blame, since I have connected the phone directly on the public internet address and that worked like a charm.
Is there any way I can tackle this problem, get a point where I can start finding the problem step by step?
I have 2 pictures, showing the firewall config, policy and nat rules, but don't know how to attach them here.
thanks in advance for any pointers
Please note the following:
Thanks for the tips. I have given it up and couldn't find a solution. There is not even a documentation for SIP-phones, which ports they are using and which protocols. Sadly, this is the reason why you find many people in the net saying that they switched to skype, "that just works". Skype might be a security hazard, but it surely does work.
That SIP was not designed to work over NAT is no help, 99% of all users use NAT and waiting for IPV6 will make us all get grew hair before it happens. I always smile at the ignorance when I hear a so called decision maker manager state that "Haven't heard anything about IPV6 much, therefore it can't be taking hold"
You cannot feed managers with facts, they only eat marketing.
And what you did not hear about from several sources obviously can't be worth any consideration. ;-)
|All times are GMT -5. The time now is 11:49 AM.|