Outbound from 5060 port

AlexPebody · Fri Jun 09, 2023 7:41 pm

Hey guys, I need a help...

I have Mikrotik 7.9.2 ROS and for SIP, for example, I need send out to IP 5.49.132.66:5060 from LAN bridge with NAT exactly from 5060 port. For example, my external address is 178.49.185.13 and inside the LAN bridge I have 192.168.0.0/24 addresses and all 5060 SIP signal ports, has output from extra ports, like 41256 and other, but listening side wait exactly 5060 SIP signal port and it must have outbound port from 5060, how can I do this?

I need something like this (pfSense):

Thank you.

msatter · Fri Jun 09, 2023 8:30 pm

Please remove your PUBLIC IP from your posting. This is in your own interest.

AlexPebody · Fri Jun 09, 2023 8:39 pm

Please remove your PUBLIC IP from your posting. This is in your own interest.

Thx, but don't worry, this is fake addresses.

msatter · Fri Jun 09, 2023 10:46 pm

Please remove your PUBLIC IP from your posting. This is in your own interest.
Thx, but don't worry, this is fake addresses.

Then you lied in your opening post stating "My external address is".

AlexPebody · Fri Jun 09, 2023 10:50 pm

Thx, but don't worry, this is fake addresses.
Then you lied in your opening post stating "My external address is".

Is it lying - for example my ip address...? It's just example...

msatter · Fri Jun 09, 2023 11:57 pm

You have changed it now in your OP, it now states that it is your not actual public address.

It is also a good thing, to use non existing public IP adresses in postings to avoid that an other router is being tried to be compromised based on data stated by you.

anav · Sat Jun 10, 2023 3:08 am

Just in case in the future to prevet msatter from going into cardiac arrest, just make sure you indicate a private IP address and nothing wrong with using xx.yy.zz.xx for example and nothing wrong with using fake numbers either............
THe key is if the same number is used in various parts of a config you put the same fake number or xx.yy.zz.xx in all the spots so we know.......

Buckeye · Sat Jun 10, 2023 4:56 am

See rfc5737, IPv4 Address Blocks Reserved for Documentation there are three /24's reserved for documentation and examples. Using these makes it clear that they are meant to replace global addresses. It is easy to do, just use a text editor and do a global replace of the first 3 octets of you global address(es) with the first three from one of the TEST-NET ranges. It is possible you will fool some people that don't know about rfc5737 that will still think you are posting your "public address".

Documentation Address Blocks

The blocks 192.0.2.0/24 (TEST-NET-1), 198.51.100.0/24 (TEST-NET-2),
and 203.0.113.0/24 (TEST-NET-3) are provided for use in
documentation.

msatter · Sat Jun 10, 2023 12:29 pm

/ip firewall nat
add chain=srcnat action=src-nat to-ports=5060 protocol=tcp src-address=192.168.0.0/24 dst-address=5.49.132.66 dst-port=5060 
add chain=srcnat action=src-nat to-ports=5060 protocol=tcp src-address=192.168.0.0/24 dst-address=5.13.25.125 dst-port=5060

Because your src-address is a range you need to keep open the connection so that incoming calls can be redirected to the correct client.

Outbound from 5060 port

Outbound from 5060 port

Re: Outbound from 5060 port

Re: Outbound from 5060 port

Re: Outbound from 5060 port

Re: Outbound from 5060 port

Re: Outbound from 5060 port

Re: Outbound from 5060 port

Re: Outbound from 5060 port

Re: Outbound from 5060 port

Who is online