SIP Client behind router

Discussion in '3CX Phone System - General' started by ankitkapoor, Apr 8, 2007.

  1. ankitkapoor

    Joined:
    Apr 8, 2007
    Messages:
    3
    Likes Received:
    0
    Hi,
    I have setup my PBX server and it is behind a router... I have setup proper port forwarding so that external SIP clients can connect to the server. The clients can connect to me. i can call there extension and we can connect. the problem is that my SIP server cannot send voice data to the client. Found that the client is behind a router and my server cannot reach it, only client can reach the server and can get authenticated. Is there a setting where the server can talk on the same tunnel that that client has connected to server on?


    Thanks
    Ankit
     
  2. Anonymous

    Anonymous Guest

    In general a firwall works on the principle of sending and allowing the response to come back.

    What I understand is that you have all the devices behind the router so I assume they are all on the same subnet.

    In 3cX you can configure the routing to be done internal or via external (well that is how I call it anyway). If you configure your extensions to be external you will use the ports 9000 - 9003 if you do not configure the extensions to be external devices you will use the ports 7000 - 7500. You need these open.

    For you sound you typically need RFC ports open these are UDP 10000 - 20000.

    Hope this helps.
    Henk
     
  3. ankitkapoor

    Joined:
    Apr 8, 2007
    Messages:
    3
    Likes Received:
    0
    i think you have misunderstood the problem. The problem is at the external client. Client is behind a router too. say external client has ip of 192.168.0.2 and is configured to listen on ports 5070 for SIP and 9000 for RTP. Say his PUBLIC IP is 66.27.126.187 port 5070. now this IP (66.27.126.187) is set on the router and router gives the SIP client an ip of 192.168.0.2.

    now when my server wants to send it the data it will send at 66.27.126.187, but the router at client side rejects it since it doesn't know where to forward that packet to.

    is there a work around for this as i dont have access to router at clients end?


    Thanks
    Ankit
     
  4. Anonymous

    Anonymous Guest

    Nope, I believe that is the whole intent of a firewall.

    If you have no access to the firewall to punch holes in it that the only thing you can do is to have the client initiate the request. Requests are honered with responses and the firewall will allow these to come through as it knows the requestor.

    It does not work the otherway, if it is not a firewall but a straight router you have to try to setup the NAT routing but again you need to configure the router, that can work. But you need access to the router to do that so it can route the call to the client ip.

    To me it sounds it is a firewall, as your client can inititate the contact but you cannot initiate the contact back to the client.

    I think you our of luck on this one.

    Henk.
     
  5. ankitkapoor

    Joined:
    Apr 8, 2007
    Messages:
    3
    Likes Received:
    0
    Thanks Henk,
    The only workaround to it is that i ask the client to ssh to my server and use the appropriate switch to reroute the data sent to port 9000 back to client on the same tunnel. This works. I hope someone designs a softphone to setup a tunnel (like SSH) to the VOIP server and make VoIP server talk back on the same tunnel. This will resolve any router or firewall issues on client side.


    Ankit
     

Share This Page