01-31-2018 03:08 AM
Currently my ISP is blocking / using port 5060 for its own VoIP service.
I'm using a different SIP provider.
The only problem: my SIP client is a Fritzbox and is using port 5060 as source to connect to the external VoIP client.
But outbound WAN:5060 is blocked.
How to make a correct NAT on the cmdline to translate the source of my internal IP (Fritzbox SIP client), for example translate 192.168.20.5:5060 to publicip:5090 (for example), so that port 5060 outbound is translated to 5090 when it leaves my WAN port?
I tried several source NAT constructions, but can't get it working.
When looking into the packet tracer of the EdgeMAX router I always see publicip:5060 will connect to the external SIP provider.
Because of the blocking of port 5060 at the ISP side, I can't get a connection.
Port 5060 as source seems to be hard coded in the Fritzbox.
01-31-2018 03:48 AM
Yes you can.
Even your config might be working right now! If so, all it takes is flushing your NAT table:
sudo conntrack -F
If a connection is already made using source port 5060, it will live on forever (that is, as long as the Fritzbox keeps sending, thus keeping the translation with the old source port alive).
However: if the ISP blocks destination port UDP 5060... you're out of luck.
01-31-2018 04:15 AM
@16again the problem is the Fritzbox hardcoded that it's using a socket ipfritzbox:5060 to connect to the external SIP server.
The default translates the following: fritzboxip:5060 nat publicip:5060
I want the following: fritzboxip:5060 nat publicip:5090 (for example)
01-31-2018 04:22 AM
Something like below will change source port to value above 6000, adapt at will.
Make sure it's above existing masquerade (and flush NAT table)
set service nat rule 5001 description SIP_ChangeSourceport
set service nat rule 5001 destination port 5060
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface eth0
set service nat rule 5001 outside-address port 6000-65535
set service nat rule 5001 protocol udp
set service nat rule 5001 type masquerade
01-31-2018 04:55 AM - edited 01-31-2018 04:55 AM
OK @16again, gonna try this.
Why is the default masquerade not translating the source port of the Fritzbox to a random port number as expected on the outbound interface?
01-31-2018 08:13 AM
By default, the masquerade rule tries to use same source port as original packet.
So using a single phone, you end up with source port 5060.
On the connection for a 2nd phone, source port 5060 is already in use, so it has to be translated.
01-31-2018 01:12 PM
Changed the rules a bit:
set service nat rule 5000 description SIP_ChangeSourceport
set service nat rule 5000 source port 5060
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface switch0.300
set service nat rule 5000 outside-address port 6000-65535
set service nat rule 5000 protocol udp
set service nat rule 5000 type masquerade
rule   type  intf          translation
----   ----  ----          -----------
5000   MASQ  switch0.300   saddr ANY to publicip
                           proto-udp sport ANY to 6000-65535
But I can't get any connection.
02-01-2018 12:31 PM
I did the test again,
but it doesn't work: when I set source port 5060, I want to translate it to 6000 and higher. It seems to be working with conntrack -L | grep 5060,
but I can't get any connection.
If I say destination port 5060 then the translation looks not OK in the conntrack log.
I just want the EdgeMAX to skip using port 5060 as a socket on the WAN IP.
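
Added example, not part of any post in this thread: a shell check that reads conntrack -L output and reports which source port flows from port 5060 actually carry on the WAN side (the dport of the reply tuple), instead of eyeballing a grep for 5060. The sample lines, every address except 192.168.20.5, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. On the router: sudo conntrack -L -p udp | check_sip_snat
# Exits 1 if any flow still leaves the WAN with the blocked source port.
# BLOCKED_PORT defaults to 5060, the port discussed in the thread.
check_sip_snat() {
    awk -v blocked="${BLOCKED_PORT:-5060}" '
    $1 == "udp" {
        n = 0
        # Each line holds two tuples: original direction, then expected reply.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/)   src[++n] = substr($i, 5)
            if ($i ~ /^sport=/) sport[n] = substr($i, 7)
            if ($i ~ /^dport=/) dport[n] = substr($i, 7)
        }
        # Only flows the client opened from the blocked port are of interest.
        if (n < 2 || sport[1] != blocked) next
        # The reply is addressed to the post-NAT source, so the reply dport
        # is the source port the packet carried when it left the WAN.
        status = (dport[2] == blocked) ? "NOT_TRANSLATED" : "TRANSLATED"
        if (status == "NOT_TRANSLATED") bad = 1
        printf "%s:%s -> wan_sport=%s %s\n", src[1], sport[1], dport[2], status
    }
    END { exit bad + 0 }
    '
}

# Constructed sample: default masquerade kept source port 5060.
sample_before() {
cat <<'EOF'
udp      17 28 src=192.168.20.5 dst=203.0.113.10 sport=5060 dport=5060 [UNREPLIED] src=203.0.113.10 dst=198.51.100.2 sport=5060 dport=5060 mark=0 use=1
udp      17 12 src=192.168.20.9 dst=203.0.113.53 sport=40000 dport=53 src=203.0.113.53 dst=198.51.100.2 sport=53 dport=40000 mark=0 use=1
EOF
}

# Constructed sample: source port remapped into the 6000-65535 range.
sample_after() {
cat <<'EOF'
udp      17 28 src=192.168.20.5 dst=203.0.113.10 sport=5060 dport=5060 src=203.0.113.10 dst=198.51.100.2 sport=5060 dport=6012 [ASSURED] mark=0 use=1
EOF
}
```

Run it after sudo conntrack -F so that an entry created before the rule change does not mask the new mapping.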