SIP Port Clarification

tjabaut
Posts: 23
Member Since:
2006-09-13

This might not be the correct forum, but it sounds right since my question is regarding SIP in general.

I have been using SIP for quite some time, and have always wanted clarification of some things.

I am using a Grandstream GXP-2000 in my test environment. It is connecting via a NAT'd connection at home to a Trixbox at a client's office.

The client's Trixbox server is behind a Zyxel Zywall USG100 that NATs their public IP as well. I have forwarded UDP 5060 and 10001-10100.

I have found that I can successfully register, but my question is why. I am using Presence 4 on the GXP-2000. This presence uses Local SIP Port 5066. How is a local SIP 5066 being translated and therefore allowed through to the Trixbox?



stechnique
Posts: 733
Member Since:
2008-02-21

As long as there is only 1 phone at the remote location it's pretty basic. It will register using port 5060 and this will open a state on both firewalls. Once the phone has registered and the state is open on the home router, then it is as if port 5060 was open on the home router as well. It will let incoming connections from the trixbox's public IP in and forward them to the NAT'd phone because it matches the open state.
If there were multiple phones connected behind NAT, all using port 5060 to register, then it would be more complicated because several states would match an incoming packet from the trixbox IP on port 5060, so the home router would not know which device to send it to.
In short it works because stateful firewalls are designed to allow traffic to flow both ways once a state has been opened between local endpoint and distant server. Otherwise you would not be able to browse the web or do anything on the internet without opening ports on the firewall...



tjabaut
Posts: 23
Member Since:
2006-09-13

I understand how NAT works and realize that there will be a NAT table that will correlate. I am curious as to how an endpoint with a Local SIP Port of 5066 is communicating with the Trixbox server when the Firewall on the Trixbox side is only configured to allow UDP/5060 through.

If you have multiple endpoint phones at a remote location, shouldn't the remote Firewall maintain a state in the form of Source IP/MAC:Port to Translated (Public)/IP/MAC?



stechnique
Posts: 733
Member Since:
2008-02-21

5066 is the local sip port on the phone. It will still register to port 5060 on the server. It will tell the server to send SIP requests on port 5066.
Traffic will go like this:

asterisk:5060 <-> internet <-> home router:5066 <-> sip phone:5066
The phone is sending requests out to port 5060 on the trixbox IP. It is listening on port 5066 for SIP messages.
The asterisk server is listening on port 5060 for SIP messages. It knows to send SIP messages out on port 5066 to that remote phone because it registered accordingly.
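
Added example, not part of the original thread: a Python sketch that parses a constructed REGISTER from a phone with local SIP port 5066 and shows that the office firewall's UDP 5060 forward matches on the destination port, while 5066 only appears on the source side. The addresses, header values and the `trace` helper are assumptions; the reply-address logic follows the response routing in RFC 3261 and RFC 3581, which the thread does not cite.

```python
import ipaddress
import re

# Constructed REGISTER from a phone whose local SIP port is 5066.
# All addresses and header values are made up for illustration.
REGISTER = (
    "REGISTER sip:203.0.113.10:5060 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.50:5066;branch=z9hG4bKexample;rport\r\n"
    "From: <sip:104@203.0.113.10>;tag=constructed\r\n"
    "To: <sip:104@203.0.113.10>\r\n"
    "Call-ID: constructed-example@192.168.1.50\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:104@192.168.1.50:5066>\r\n"
    "Content-Length: 0\r\n\r\n"
)
# Office firewall forwards from the thread: UDP 5060 and 10001-10100.
FORWARDED_UDP = {5060} | set(range(10001, 10101))

def host_port(value, default=5060):
    """Extract (host, port) from a SIP URI or a Via sent-by; 5060 is the SIP default."""
    m = re.search(r"(?:sips?:(?:[^@>;\s]+@)?|SIP/2\.0/UDP\s+)([\w.\-]+)(?::(\d+))?", value)
    return m.group(1), int(m.group(2)) if m.group(2) else default

def parse(msg):
    """Return (request URI, headers keyed by lower-cased name)."""
    lines = msg.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, v in (line.split(":", 1) for line in lines[1:])}
    return lines[0].split()[1], headers

def trace(msg, wan_src, forwarded_udp=FORWARDED_UDP):
    """wan_src is the (ip, port) the office side sees after the home router's NAT."""
    uri, h = parse(msg)
    dst, via, contact = host_port(uri), host_port(h["via"]), host_port(h["contact"])
    rport = "rport" in h["via"].split(";")[1:]
    return {
        "dst_port": dst[1],                 # what the office firewall matches on
        "phone_local_port": via[1],         # only the source side of the packet
        "office_fw_allows": dst[1] in forwarded_udp,
        "contact_is_private": ipaddress.ip_address(contact[0]).is_private,
        # RFC 3581: with rport, reply to the observed source ip:port;
        # without it, reply to the observed ip and the Via sent-by port.
        "reply_to": wan_src if rport else (wan_src[0], via[1]),
    }

if __name__ == "__main__":
    print(trace(REGISTER, ("198.51.100.7", 5066)))
```

Passing a different source port in `wan_src` models a home router that rewrites 5066 on the way out; the reply then follows the observed port rather than the one in the Via header.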



tjabaut
Posts: 23
Member Since:
2006-09-13

Thank you stechnique, that is exactly the explanation that I was looking for. So in essence the phone probably does its own mapping of ports, so that it can represent multi-presence.


