The network is following:
internet <=> rb750 (192.168.88.1)<=> asterisk server(static ip 192.168.88.88)
The sip service is enabled, a simple nat rule added to let rtp pass through rb750 to asterisk server. The asterisk can register to sip server outside(internet). For extensions within the same LAN work perfectly. However, outside extensions are unable to register. How to solve this? Please help.
The NAT rule is listed as following(public is the internet interface,192.168.88.88 is asterisk server’s ip)
ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade out-interface=public1 chain=dstnat action=dst-nat to-addresses=192.168.88.88
to-ports=10000-20000 protocol=udp in-interface=public
dst-port=10000-20000
Another question is how to block brute force attacks for asterisk server. It is the main reason I choose rb750 to tackle this problem as attacks appear with 40-60 registration trials per second(I change ip as a temperately solution)
The attack is like the following(shown in asterisk server’s debug mode with my old router)
[Dec 8 20:24:35] NOTICE[353]: chan_sip.c:16457 handle_request_register: Registration from ‘“1234” sip: 1234@90.xxx.xxx.xxx> >’ failed for ‘208.43.33.120’ - No matching peer found
Thanks in advance!
