NAT problem?

Ajla · April 9, 2010, 1:34pm

Hi,

I’ve been setting up a VoIP system and I have some problems..

the network look like this:

IP phone (A) → Mikrotik → Internet → Mikrotik → 3CX PBX → other phone (B)

Everything is fine with the Inbound calls, but when the Phone (A) calls B, Phone A can’t hear audio.
I looked at the trace, the src port for RTP packets is not the same as the phone sends and expects back. MT changes the src port when the packet leves it.

I think something is wrong in my config. But I don’t know what.. SIP signaling works.. The phone is Yealink SIP T-20.
I allso tried it with Grandstream GXP2000 and it worked..

any sugestions?

Thank you..

Ajla · April 13, 2010, 9:55am

Still no answer?

Ok, to be more specified; in MT(A) Firewall Connectios i can see unreplied connections:
src addr 192.168.0.245:1035 dst addr 82.193.208.16:9020
src addr 82.193.208.16:9020 dst addr 89.201.134.150:11790

MT(B)
src addr 192.168.1.209:9022 dst addr 89.201.134.150:11790
src addr 89.201.134.150:1035 dst addr 82.193.208.16:9020

all connections are unreplied..

MT(A)

3 ;;; default configuration
chain=srcnat action=masquerade src-address=192.168.0.0/24
out-interface=pppoe-out1

7 chain=dstnat action=dst-nat to-addresses=192.168.0.245 to-ports=5060-5064
protocol=udp in-interface=pppoe-out1 dst-port=5060-5065

9 chain=dstnat action=dst-nat to-addresses=192.168.0.245 protocol=udp
src-port=9000-9049

10 chain=dstnat action=dst-nat to-addresses=192.168.0.245 protocol=udp
in-interface=pppoe-out1 dst-port=11780-11800

MT(B)

3 chain=srcnat action=masquerade src-address=192.168.1.0/24
out-interface=ether1

5 chain=dstnat action=dst-nat to-addresses=192.168.1.209
to-ports=9000-9449 protocol=udp src-address=85.94.71.99
dst-address=82.193.208.16 in-interface=ether1 dst-port=10000-20000

6 chain=dstnat action=dst-nat to-addresses=192.168.1.209
to-ports=9000-9449 protocol=tcp src-address=85.94.71.99
dst-address=82.193.208.16 dst-port=10000-20000

7 chain=dstnat action=dst-nat to-addresses=192.168.1.209 to-ports=3389
protocol=tcp dst-address=82.193.208.16 dst-port=3389

8 ;;; Remote access
chain=dstnat action=dst-nat to-addresses=192.168.1.209 to-ports=3389
protocol=tcp dst-port=3389

9 ;;; Remote access
chain=dstnat action=dst-nat to-addresses=192.168.1.209 to-ports=3389
protocol=udp dst-port=3389

10 chain=dstnat action=dst-nat to-addresses=192.168.1.209 protocol=udp
dst-address=82.193.208.16 dst-port=5060

11 ;;; IP telefon (Default RTP External)
chain=dstnat action=dst-nat to-addresses=192.168.1.209
to-ports=9000-9049 protocol=udp dst-port=9000-9049

12 ;;; IP telefon
chain=dstnat action=dst-nat to-addresses=192.168.1.209
to-ports=5480-5481 protocol=tcp dst-address=82.193.208.16
dst-port=5480-5481

18 ;;; STUN server
chain=dstnat action=dst-nat to-addresses=192.168.1.209 to-ports=3478
protocol=udp dst-address=82.193.208.16 dst-port=3478

19 ;;; STUN server
chain=dstnat action=dst-nat to-addresses=192.168.1.209 to-ports=3478
protocol=tcp dst-address=82.193.208.16 dst-port=3478

20 ;;; 3cx tunnel
chain=dstnat action=dst-nat to-addresses=192.168.1.209 to-ports=5090
protocol=tcp dst-address=82.193.208.16 dst-port=5090

21 ;;; 3cx tunnel
chain=dstnat action=dst-nat to-addresses=192.168.1.209 to-ports=5090
protocol=udp dst-address=82.193.208.16 dst-port=5090
packet-mark=voip-packet

on the side of MT(B) there is the server (192.168.1.209)
the rules that are missing are disabled.. so they don’t change anything..

what can I change in the NAT to get it to work right?