Hi.
Is there any nice tutorial for setup mine RB450G for my PBX IP works propertly ?
Today I´ve opened ports 5060-5065,10000-40000 . Inside my company, pbx works fine for all cenarios, but when anyone connects a softphone outside the company, we can place a call , but no one can listen or talk.
Is there a special setup ? or just open those ports would be fine ?
cheers
Try to disable the SIP helper under /ip firewall service-port and try again. Alternatively set up a VPN.
I will try…
But looking here, I think the guy misspeled ..
add chain=prerouting action=mark-connection protocol=udp connection-state=new new-connection-mark=“UPD” comment=“UPD”
add chain=prerouting action=mark-packet passthrough=no connection-mark=“UPD” new-packet-mark=“UPD”
where he put UPD I guess the correct ir UDP, once in the down part it refers the marked packet labeled as UDP and not UPD.
add name=“UDP_U” parent=“LEVEL_B_UP” packet-mark=“UDP” queue=default priority=3
add name=“UDP_D” parent=“LEVEL_B_DOWN” packet-mark=“UDP” queue=default priority=3
is that correct ?
I think could be something related to route, could be ?
On firewall connections, when I see the calls on going, I see that they have a U (unreplied). Why is that ?
I think in the router I must do some setup about the route… because when a softphone connect to the pbxIP, it goes OK. If the softphone does a call to outside number (thru analogic telephone lines, it goes well), but when it call to inside number in the same network, I guess someone (router, pbxIP, softphone) gets lots in the routing part, as all are in the same network.
The connection that I got unreplied, was the IP of my phone (192.168.30.100) here in the company trying to connect to the router (192.168.30.1), when shound be the IP of the softphone outside the company (177,xxx,xxx,xxx)
Good catch. Corrected.
I fixed the script… but there is no way to make my voip works propertly!
should be something so easy, I don´t get it…
Is there a way to do a simple test to see if my ISP is not shapping me ?
cheers
Well, VoIP is a complicated thing … but I’ll try to help you. First, understand that if you have VoIP devices behind NAT/Firewall (PBX or the phone) that you will have to do some special things to make it work. You need to know that VoIP uses a SIP (signaling) port and RTP (audio) ports. The RTP connection is a separate connection unless you configure symmetric RTP. Because it is a separate connection, unless you prepare for it, you’re firewall will block it and you won’t hear the audio.
Scenario 1:
PBX or phones are behind NAT/Firewall. VoIP Trunk or provider is on a public IP.
Fix:
Set the VoIP devices to have a keep alive of 120 seconds. This will open a connection to the VoIP Trunk and KEEP IT OPEN so that when audio comes back, the firewall will see it has a “related” connection and allow it to pass in. You’ll need to look for settings in your phone or PBX for this. They are usually found under NAT menus.
Scenario 2:
PBX is behind a NAT/Firewall and phone is on another network also behind a NAT/Firewall.
Fix:
You must open ports on the PBX firewall to allow connections. Port 5060 is a common one for the SIP signaling, but the RTP (audio) can come in from anywhere in the 10000-20000 range.