PC Best Networks

How to set firewall to enable SIP based VoIP application?

Version 1.02
May 24, 2009

Assume that your SIP device has the following settings:

SIP Port: UDP 5060
RTP Port: UDP 10000
SIP Account Provider: sip2.stinghlr.net (77.240.208.253)
STUN Server: stun.xten.com (75.101.138.128)

There are several ways to set up the network environment for your SIP application.

Case 1: In an open connection

In this case, the device that runs the SIP application has direct access to the Internet with a public IP address. You only need to open the firewall for the application.

[Diagram: the SIP application (UDP 5060, UDP 10000-10020) connects over the Internet to sip2.stinghlr.net (77.240.208.253; SIP port UDP 5060, RTP port dynamically exchanged) and to stun.xten.com (75.101.138.128; UDP 3478, UDP 3479).]

Firewall rule:

Enable UDP traffic from local:5060 to 77.240.208.253:5060, and vice versa.
Enable UDP traffic from local:10000 to 77.240.208.253:any port, and vice versa.
Enable UDP traffic from local:5060 to any address:3478 and 3479.

Case 2: In the NAT, but with public IP address or in DMZ

In this case, the device that runs the SIP application resides behind the NAT, but either it has a public IP address, or the router's DMZ is set to direct all incoming traffic to this internal machine.

[Diagram: the SIP application (with public IP or DMZed) sits behind a router (NAT) and a firewall, and connects over the Internet to sip2.stinghlr.net (77.240.208.253; SIP port UDP 5060, RTP port dynamically exchanged) and to stun.xten.com (75.101.138.128; UDP 3478, UDP 3479).]

Firewall rule:

Enable UDP traffic from public-ip:5060 to 77.240.208.253:5060, and vice versa.
Enable UDP traffic from public-ip:10000 to 77.240.208.253:any port, and vice versa.
Enable UDP traffic from public-ip:5060 to any address:3478 and 3479.

Case 3: In the NAT, with private IP address

In this case, the device that runs the SIP application resides behind the NAT and has a private IP address such as 192.168.1.102, 10.98.4.210, …

[Diagram: the SIP application (private IP such as 192.168.1.102) sits behind a router (NAT, public IP such as 201.222.99.45) and a firewall, and connects over the Internet to sip2.stinghlr.net (77.240.208.253; SIP port UDP 5060, RTP port dynamically exchanged) and to stun.xten.com (75.101.138.128; UDP 3478, UDP 3479).]

Firewall rule (assume the router's public IP is 201.222.99.45):

Enable UDP traffic from 192.168.1.102:5060 to 77.240.208.253:5060, preferably sent out as 201.222.99.45:5060.
Enable UDP traffic from 192.168.1.102:10000 to 77.240.208.253:any port, preferably sent out as 201.222.99.45:10000.
Enable UDP traffic from 192.168.1.102:5060 to any address:3478 and 3479.

Port forwarding rules:

Forward any UDP traffic from 77.240.208.253:5060 to 201.222.99.45:5060 on to 192.168.1.102:5060.
Forward any UDP traffic from 77.240.208.253 to 201.222.99.45:10000 on to 192.168.1.102:10000.
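The Case 3 firewall and port forwarding rules written as Linux iptables commands, as an added example that is not part of the original document. It assumes a Linux router whose WAN interface is named eth0 and whose FORWARD policy is DROP, and it adds a connection-tracking rule (not in the document) so that STUN replies can return.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for Case 3.
# Addresses and ports are the ones used in this document.
SIP_SERVER=77.240.208.253   # sip2.stinghlr.net
PUBLIC_IP=201.222.99.45     # router's public address
PHONE_IP=192.168.1.102      # SIP device behind the NAT
SIP_PORT=5060
RTP_PORT=10000
WAN_IF=eth0                 # assumption: name of the router's WAN interface

# Assumes the FORWARD chain policy is DROP, so only the listed flows pass.
case3_rules() {
  cat <<EOF
# Replies to flows the phone opened (covers STUN answers); added assumption
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Firewall rules: phone to provider (SIP, RTP) and to STUN servers
iptables -A FORWARD -p udp -s ${PHONE_IP} --sport ${SIP_PORT} -d ${SIP_SERVER} --dport ${SIP_PORT} -j ACCEPT
iptables -A FORWARD -p udp -s ${PHONE_IP} --sport ${RTP_PORT} -d ${SIP_SERVER} -j ACCEPT
iptables -A FORWARD -p udp -s ${PHONE_IP} --sport ${SIP_PORT} -m multiport --dports 3478,3479 -j ACCEPT
# Send out as public-ip:5060 and public-ip:10000 (source port preserved)
iptables -t nat -A POSTROUTING -o ${WAN_IF} -p udp -s ${PHONE_IP} --sport ${SIP_PORT} -j SNAT --to-source ${PUBLIC_IP}:${SIP_PORT}
iptables -t nat -A POSTROUTING -o ${WAN_IF} -p udp -s ${PHONE_IP} --sport ${RTP_PORT} -j SNAT --to-source ${PUBLIC_IP}:${RTP_PORT}
# Port forwarding: only the provider's address is forwarded to the phone
iptables -t nat -A PREROUTING -i ${WAN_IF} -p udp -s ${SIP_SERVER} --sport ${SIP_PORT} -d ${PUBLIC_IP} --dport ${SIP_PORT} -j DNAT --to-destination ${PHONE_IP}:${SIP_PORT}
iptables -t nat -A PREROUTING -i ${WAN_IF} -p udp -s ${SIP_SERVER} -d ${PUBLIC_IP} --dport ${RTP_PORT} -j DNAT --to-destination ${PHONE_IP}:${RTP_PORT}
# Let the forwarded (post-translation) packets through the filter table
iptables -A FORWARD -p udp -s ${SIP_SERVER} --sport ${SIP_PORT} -d ${PHONE_IP} --dport ${SIP_PORT} -j ACCEPT
iptables -A FORWARD -p udp -s ${SIP_SERVER} -d ${PHONE_IP} --dport ${RTP_PORT} -j ACCEPT
EOF
}

case3_rules
```

The script only prints the commands; review them before running them as root on the router.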