Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 1455 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VoIP set up not working

girkers
I have a PBX server inside my network behind a Sopho UTM 120 and I can't seem to get my VoIP system to work

My PBX registers with my VoIP provider without issue and without any rules in my Firewall, the problem cames when I try to make a call. When I make a call the UDP ports are all blocked for obvious reasons.

I have set my settings with my VoIP providers addresses in the Server group and my PBX in the SIP Client networks, however audio doesn't work either way. Tried both strict and Client/Server networks settings.

I have tried using a firewall rule to allow the ports through both in and out, made not difference.

I could get inbound calls work, but setting up a DNAT for the VoIP provider and a SNAT for the PBX however outgoing calls still did not work.

It seems no matter what rule I put in I can't get it to work reliably. Any help would be great, I would love to have it working for Christmas.

Thanks

Girkers


This thread was automatically locked due to age.
  • 0
    Hi,

    1. do you have a Masquerading rule for your LAN Network -> WAN Address?

    2. please check the logs (firewall, IPS, application control), and post any relevant entries here. Use the Full Log, not the Live Log when pasting here, as the live log is missing some information.

    Barry
  • 0
    1. Yes

    2. 

    Excerpt from Firewall log: 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:c:29:c3:4:f" dstmac="0:1a:8c:12:99:78" srcip="192.168.254.18" dstip="125.213.160.80" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="15800" dstport="20960" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800" 

    2013:12:24-18:56:04 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800" 

    2013:12:24-18:56:05 oscar ulogd[4566]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x31a7" app="423" srcmac="0:60:64:3d:6a:eb" dstmac="0:1a:8c:12:99:79" srcip="125.213.160.80" dstip="60.240.145.165" proto="17" length="280" tos="0x00" prec="0x00" ttl="59" srcport="20960" dstport="15800"


    IPS: 
    2013:12:24-16:42:10 oscar snort[6473]: Could not remove pid file /var/run//snort_tmp.pid: No such file or directory

    2013:12:24-16:42:11 oscar snort[6473]: Snort exiting


    Application Control: 
    2013:12:24-16:39:39 oscar afcd[5163]: _afc_cfg_file_plugin_parse: 997 protocols registered

    2013:12:24-16:39:43 oscar afcd[5163]: loaded plugin '/var/sec/chroot-afc/lib/afc/vineyard.so'

    2013:12:24-16:39:43 oscar afcd[5163]: _afc_cfg_file_plugin_parse: 997 protocols registered

    2013:12:24-16:39:43 oscar afcd[5591]: AFC ready.


    So it would appear that the firewall is the only thing blocking the connection, just not sure how to get around it.

    Thanks

    Girkers
  • 0
    Hi, iirc the VOIP security system is not for PBXs, but just for phones (I might be remembering incorrectly though).

    Anyways, it should work with DNAT and SNAT (or Masq), and firewall rules...

    Try a firewall rule:
    source: PBX
    dest: VOIP Provider servers
    service: ANY (or a definition for the UDP port ranges)
    Allow

    and watch the firewall log again.

    Barry
  • 0
    Thanks Barry, from what I have read it would appear that the VoIP security is for internal servers and external clients (but I too could have read it wrong)

    I did get it working though, through a combination of things, I had to do some minor configuration in my VoIP system to let it know my external details and then turn on a DNAT rule in my UTM, once that was done it is good to go.

    So a trap for young players is to ensure that you have your phone system correctly configured as this made the difference in my circumstances. Becuase once I had my phone sytem configured correctly the firewall only showed the external packets coming back in being dropped, no longer were the packets from my phone system being dropped. Thus by then turning on my DNAT rule the phone system worked.