I struggled with this for several hours tonight.
Turns out that if you have an * machine behind NAT, you must put the PUBLIC address in the bindaddr in sip.conf
If you don't put it in, the Contact: header contains the NATted address and the sip phone can't get back to *.
I don't know what happens if you mix and match sip phones on the local network -- it might not work unless the sip
phone uses the public address as well.
Hope this helps as I see this thread come up again and again...
Andy
-------------------
Steve,
Sure, I could put all my machines on the public Internet, but that defeats the
purpose of having a firewall in the first place.
As an alternative, I could only place the * server on the outside, but I'd
rather not give the script-kiddies another box to pound.
Steve Totaro wrote:
> Can you disable your firewall? i am about to start this phase of asterisk
> an would like help from one newbie to another. otherwise this newbie will
> let you know how i did it.
>
>
> ----- Original Message -----
> From: "Brad Waite" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, September 20, 2003 9:07 AM
> Subject: [Asterisk-Users] Maximum retries exceeded w/SIP
>
>
>
>>First of all, I'd like to send a big "thank you" to all the folks who have
>>helped me get this far.
>>
>>Now on to the next problem. Here's my current network setup:
>>
>>
>>The Big I ---+--- FreeBSD FW --- * (10.0.0.253) ---- PC (10.0.0.1)
>> |
>> +--- Laptop (public IP)
>>
>>natd is set up with the following rules:
>>
>>redirect_port udp 10.0.0.253:10000-20000 10000-20000
>>redirect_port udp 10.0.0.253:5060 5060
>>
>>* is set up with the demo/sandbox config.
>>
>>I'm using XLite as my SIP client and have configured it on PC to work with
>
> *.
>
>>I'm able to do everything I've tried so far. I should, though - I'm on
>
> the inside.
>
>>However, when trying to make a call from the outside (via Laptop),
>
> something's
>
>>breaking. I've set up the SIP proxy in XLite to be the external interface
>
> on
>
>>the firewall, and am able to log into the proxy without difficulty. And
>
> while I
>
>>can begin conversations, I can't keep them going for long.
>>
>>For instance, when trying to call [EMAIL PROTECTED] (or [EMAIL PROTECTED]), I
>
> get most
>
>>of the "demo-abouttotry" message - "I am about to attempt an IAX
>
> connection to a
>
>>demonstration server located at Di" - at which point it gets cut off. The
>>console spits out the following error:
>>
>>File chan_sip.c, Line 443 (retrans_pkt): Maximum retries exceeded on call
>>[EMAIL PROTECTED] for seqno 12384
>
> (Response)
>
>>
>>Any ideas what could be going on? My first guess is the firewall, but I
>
> can't
>
>>figure out why some of the packets would get through while others
>
> apparently are
>
>>not. I'm at a loss.
>>
>>Brad Waite
>>aka HankPoacher
>>
>>_______________________________________________
>>Asterisk-Users mailing list
>>[EMAIL PROTECTED]
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
> _______________________________________________
> Asterisk-Users mailing list
> [EMAIL PROTECTED]
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
