I am running an Asterisk server in Public IP. When I connect SIP softphones to the server, I am able to make call and conversation is possible between the softphones. However, anything that is played on the asterisk server is not heard in the softphone. In asterisk server log, I could see the message like " Playing 'hello-world.gsm' " but I could not hear any message.
Ports open for sending and receiving UDP packets in the server are 5060, 10000 to 20000, 4569, 5036 and 2727
When I setup the server inside the LAN, everything was working perfectly. So I suspect it could be related to some firewall configuration. Please help me.
Note : SIP softphones were running in a machine connected to internet using wifi dongle with Cone NAT
Just to clarify it seems like your asterisk box is on a LAN, and there is a NAT device which provides the public IP address. In this case, you should configure asterisk for network address translation.
In sip.conf set the following parameters to their correct values:
directmedia = no
nat = force_rport,comedia
canreinvite = no
insecure = port,invite
localnet =
externip/externhost =
Use the sip set debug on command to verify asterisk replaces it's local address with the externip in sip dialogs to your public clients.
Also rtp set debug on can be used to show if audio (RTP) packets are reaching the asterisk box.
Related
I'm running mirth on Azure VM (Windows Server 2016) and trying to get HL7 messages from Meditech. Not really familiar with tcp/ip concept so help is appreciated here. When Meditech sends HL7 messages to my server (VM), how should I configure the setting in mirth's channel?
For example, in Listener Settings panel,
1.Select Specific interface and put my VM's public ip address.
2.Put port number I set in inbound rule in Local Port
or do I put Meditech's ip address and port number in Listener Settings?
TCP/IP is pretty simple. From the sending system, you specify the destination IP address and port # that you want to send to. From the destination system, you set up your listener to run on a specific port #. In Mirth you can choose to accept messages from any IP (All interfaces) or a specific IP address (specific interface) in the TCP Listener Settings:
So to address your specific example, it sounds like you want a message to go outbound from Meditech to your Mirth instance on an Azure VM. In Meditech, you would enter the Azure server's IP address and port # that you specified in Mirth. In Mirth, you can leave it open to the world and select "All interfaces," or specify your Meditech interface engine's IP address in "Specific interface."
One final thought.. I have never played around with Azure, but I'm sure there are some security settings. (hopefully it is behind a firewall of some sort) You may need to explicitly allow traffic from your Meditech interface engine's IP. If you need further help with that, I would post a new question and tag it under Azure.
I'm trying to build a peer-to-peer game, where each player is both a server and a client with tcp sockets. The sockets can connect fine when I'm using local ip:s, but of course fails when I'm trying to use external ip:s.
But I'm thinking that the players should be able to connect to each other if they just knew the external address + port that the router assigns to them.
Setting up port forwarding is out if the question since I don't have access to the players routers.
I'm thinking of having a server in between, just to be able to read the external address and port of the players, and tell the other player about it so that it can connect.
But I haven't found any info anywhere if that's how port forwarding works. If computer A makes a request from a local address and a port to the server, and the router assigns this address + port to an external address + port, and the server tell computer B which address + port to use. Can computer B use that external address + port to connect to the computer A and start a tcp socket with it? Is there any way to know that this external address + port stays the same when another computer makes a request against them?
The problem is that most people don't expose their PC directly to the internet. They have a router that has an external address. When you send a packet to their IP address, it is going to their router. The router doesn't know where to forward it to and what port to use without port forwarding.
So, getting everyone to enable port forwarding is out of the question, as it should be. A simpler mechanism is to have a server on the internet that you control. It has a firewall with port forwarding setup. The clients are just clients, they connect to the server on a port and send and receive info about the current status of the game. That way, everyone has real-time updates on their local game engine. Plus, this way is much easier to program and implement.
No, TCP doesn't work like that.
The source port that has been used to talk to the rendezvous server will be transient and specific to that particular initial TCP socket connection and can only be used as a destination for return traffic on the same connection from the rendezvous server, and can't be used by a third party to make new inbound connections.
The typical (only?) practical solution when NATs are involved and port forwarding is not available is to have that central server relay all messages bidirectionally between the peers.
Hole punching is what I was looking for.
https://en.wikipedia.org/wiki/Hole_punching_(networking)
I am having some trouble allowing my 2wire router (provided by AT&T to forward certain ports.
I have a raspberry pi running subsonic (a music server) and I would like to access it from the outside internet. I have configured the pi with a static LAN IP address and have opened the specified ports (4040 and 80) on both TCP and UDP. I have also confirmed the service is active and is listening on the specified ports via netstat.
When I attempt to connect, however, from my WAN IP I am confronted with a connection refused dialog. Checking the firewall logs on my router, I see this message
IN=br1 MAC=--:--:--:--:--:-- SRC=(my computer IP) DST=(My WAN IP) LEN=40 TTL=240 PROTO=TCP DPT=5060 Unknown inbound session stopped
It appears that my firewall is still blocking the external connection. What strikes me as odd is, although I am unable to connect I can still see that the port is open from an outside port scanner. Using the service provided from http://www.yougetsignal.com/tools/open-ports/ I have confirmed that my IP has port 4040 to be open.
Once again, I have confirmed that the service is indeed listening on the raspberry pi, setup a static LAN address and created the protocol for both TCP and UDP....
Any help on this matter would be greatly appreciated.
Thanks in advance!
Ok so for whatever reason it was working all along. Apparently it was just getting confused by me trying to connect to my own router. I confirmed this by connecting to the server via 4G on my phone.
Dumb mistake by me.
I am new to network programming and try to understand managing traffic via TUN/TAP interface.
Since I have almost nonexistent system programming skills, and feel confident on Java; I use OpenVPN tun/tap driver and ready made Java binding for it. It works on TAP mode.
As an example application I am trying to imitiate no encryption, no authentication client server VPN application.
I can catch Ethernet Frame packets, but for the routing part, I failed miserably. (I can modify route/arp tables.)
Do anybody know how OpenVPN send packets from client to server, and from server to target. Opening sockets from Java looks like an alternative; but I was hoping that modifying packets(change IPs and/or MAC addresses) and writing back to the virtual tap interface would be enough. Is it so?
Can I inject packets to send other locations, or by default received packet moves towards application layer?
-- Edit:
Scneario
Client Tap0 _____ Server Tap0 ______ Target
Eth0 Eth0
Target: Ping from client, move through tap interfaces, target see only server ip (anonymization)
What I achived so far.
Catch traffic at client tap0 interface.
I coulnt forward traffic at server Tap so to fasten things I used Java socket programming between client-server.
Now I read packets from socket at server, and try to OpenVPN Tap driver's write method to move forward but I am not sure where do I fail. I see packets with tcpdump at server tap0, but they do not pass to server eth0.
My most important question is if I modify packet(ip, mac address) and call write method, is it possible that packet moves forward. (Or does it move to application layer whatever you change??)
Any help would be appreciated.
1. Routing is a Layer 3 (IP) problem and handled by the OS. As for the Ethernet frames on Layer 2, you have multiple options. In any case, you'll have to parse the incoming packets' headers and extract the MAC address, and decide based on the MAC where to pass the packet: To a specific client, all clients (broadcasts) or the local tap interface.
Option 1: On each client, use a tun device, and let the server use a tap device. Assign pseudo MAC addresses to each client, respond accordingly to ARP requests from the server's OS and let the OS on the server take care of the rest. Applicationwise, you'll only have to forward all incoming packets to the tap device and all outgoing packets to the client to which you assigned this MAC.
Option 2: Let the clients choose their own MAC address and forward ARP-requests through the network. The server application has to decide for incoming packets from a client whether to forward the packet to a client, or send it to the local tap device if the address matches the local device's MAC.
In both cases, clients pass all packets from their local tun/tap device to the server and vice versa.
2. You can do almost anything. A packet is only "received" when you decide to write it to the tap device, and you can of course temper with any packets, or inject new ones, ...
As a final comment, I've found that toying with tun devices is conceptually simpler, because they work on Layer 3. You'll have to open a tun device on the server for each client, but within your application you'll have to do nothing but to forward anything coming from the device to the single client, and vice versa.
I wrote a java program of TCP/IP Client which is supposed to read data from TCPIP server device.
Problem is when I give the IP and Port of the Device, java gives error of "Connection Time out". Obviously this is problem of not connecting to that Device.
I want to know if there is way to know where the problem is? Whether that TCPIP server device is not reachable (if no, then how to check it )
whether Its the router / network issue that TCPIP Client and Server has to be on same network or use same router to communicate. OR Just IP:Port is enough.
How on my computer may I know that TCPIP server device is turned on and streaming??
P.S. That TCPIP Server device can also be connected with blutooth connection. can i read streaming through blutooth in Java?? if yes what/How should I do it?
I want to know if there is way to know where the problem is? Whether
that TCPIP server device is not reachable (if no, then how to check it
)
Use telnet from the client - it will try to connect to the remote server at the port that you specify. For example telnet google.com 80 attempts to reach google.com on port 80. You could also use an IP address in place of "google.com". If you are on a windows box, you might have to enable telnet first.
You can also use netstat on the server. It should say the ports that are currently open and the state that they are in. For example, your Java server program should be listening on the port, so the state should say LISTEN.