[Spce-user] Help with Configuration behind firewall.

Jon Bonilla (Manwe) jbonilla at sipwise.com
Mon Jan 14 05:22:23 EST 2013


On Fri, 11 Jan 2013 10:23:17 -0800
Igor Cheifot <icheifot at gmail.com> wrote:

> Hi Everyone
> I just installed an SPCE VM on my ESXi 5.1 server and went through the basic
> config steps. The scenario I would like to use this service in is like this:
> 
> My server is hosted at my house with internal IP address 192.168.1.13.
> The server is behind a firewall running on a DD-WRT router.
> I have port forwarded the following ports to 192.168.1.13 just like it says
> in the manual:
> 

Well, the Provider is supposed to run on a public IP address. NO NAT scenario.
The Provider solves the NAT problem for other devices and peers.

If you want to run the provider behind NAT, check the advertised address
parameter to set the public IP the system should notify.


> SIP 5060 UDP, TCP kamailio→lb→port
> 
> SIP over TLS 5061 TCP kamailio→lb→tls→port + kamailio→lb→tls→enable
> 
> RTP 30000-40000 UDP rtpproxy→minport + rtpproxy→maxport
> 
> XCAP 1080 TCP kamailio→proxy→presence→enable + nginx→xcap_port
> 
> Provisioning interfaces 2443 TCP ossbss→apache→port
> 

These are ports to open, not ports to forward. But yes, in your scenario you
need these ports forwarded.

> 
> There is also a statement in the manual in regards to some MEDIAPROXY rule
> that has to be added to the firewall. Can anyone please elaborate on this
> more? I don't quite understand what it means.
> 

ngcp-mediaproxy-ng runs in kernel space. That means that it needs a special
iptables rule that the server itself inserts in the startup script. The note is
regarding firewall systems that could delete this rule. If you don't delete
iptables rules in the system, you have nothing to do there.

> I have a domain name for the SIP server (sip.whatever.com) pointing to the
> router's WAN IP address.
> 
> I also followed this tutorial:
> http://www.sipwise.com/news/technical/byov-skype-replacement/ when I was
> setting up the system.
> 
> First thing I noticed is when I'm at home I don't seem to be able to connect
> to the server. I suspect it's because of some funky DNS business when I
> try to access the local server from the same 192.168.1.xxx subnet through the
> DNS name that is pointing to the external router IP address. If anyone has
> any suggestions on how to overcome this I would really appreciate it. When
> I'm outside of my home network, I can connect to the server with Jitsi;
> however, going through the provisioning, for some reason, Jitsi gets set up
> with the 192.168.1.13 address instead of the sip.whatever.com domain. If I fix
> the addresses manually, I'm able to connect to the server and go online, but
> when I try to call another user, Jitsi just says "Connecting*" and nothing
> happens. The chat feature, however, functions OK.
> 

Please go first with the advertised address option. Anyway, I'd suggest using
a real public IP address for the system. Once you have the setting ready and
applied, come back to us with traces if you have problems.


Welcome Igor!


cheers,

Jon