change sip port 5060 to custom port, but no audio/video received at endpoint.

Status
Not open for further replies.

jasonyy

New Member
Dec 15, 2020
3
0
1
55
hi, I am new to fusionpbx/freeswitch, very appreciated if any clue is provided.
striaght to the point, the scenarios is pretty simple, I try to change sip port from 5060 to other random port, purpose to avoid anoymous registering attempting as my server is directly exposed on the internet. I have successfully change the port numbers on the vars.xml and sip profile from Fusionpbx GUI. see screen snap shot bottom below;

however, the call is becoming no sound/video at all; although registering account is successful as usual. any comment is very appreciated!
圖片_2021-02-14_203624.png圖片_2021-02-14_203818.png
 

Adrian Fretwell

Well-Known Member
Aug 13, 2017
1,500
414
83
If registration and SIP signalling (i.e call set-up) is working then your SIP port configuration is probably fine. Audio/video is sent using the RTP protocol, not SIP. Whilst you do specify what port range may be used for RTP, the actual port is determined on a per call basis and communicated via the SDP (Session Description Protocol) body associated with the INVITE / /183 Session progress / 2OO OK SIP messages.

It will help if you determine what IP and ports are being offered for RTP in the relavent SIP messages that have SDP bodies. This is normally done with a packet capture of the problem call. The standard tool in Linux for packet capture is tcpdump, but many find sngrep useful if your server is not too busy.

I assume you are not using TLS.
 

jasonyy

New Member
Dec 15, 2020
3
0
1
55
thanks adrian for quick response. I am not using TLS; and I agree with your point about sip registration success means sip communicatting is working well. while I assume I don't need to set up rtp port intentionly as the code should work as usual no matter we set sip port to which port value. but the strange is once we set the sip port back to 5060, all rtp stream is flowing good( can see/hear video/audio ). I guess there is something behind I don't realize, I will need to dig deeper to catch packets from pc sip software phone. I will report back here.
 

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,071
577
113
Changing sip ports is not the solution to protecting yourself from the bad boys, making more advanced use of fail2ban rules etc, that are already provided helps a lot.

If you really must, then the reason nothing is probably working is that the default iptables is likely blocking the port you want to use.

Have a look in /etc/iptables/rules.v4
 

Adrian Fretwell

Well-Known Member
Aug 13, 2017
1,500
414
83
Another possibility is that you could have some sort of ALG operation on your router that detects the flow of packets to port 5060. Probably worth checking your router configuration.

DigitalDaz makes a good point about iptables and fail2ban, as you are getting successful registrations it is unlikely that iptables are blocking messages, but you would certainly want to adjust the iptables and fail2ban setting to accommodate your alternative SIP port and thus provide protection.
 

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,071
577
113
! I didn't see that about successful registrations, how is that even possible? Are you using a default debian install because that port should definitely be blocked?
 

jasonyy

New Member
Dec 15, 2020
3
0
1
55
hello, trying making my condition more clear, add descriptions morehere: I am test using two mobile phone and one server, all of three of them are on the internet with own real IP, so assuming not about the ALG, or router matter. about fail2ban, it does help, but just cannot block registration attempting, althouth those never success, but looks annoying and waste some cpu time to reject. also as Fusionpbx and Freeswitch blog/docu suggests, better to change sip port on server, that's why I am trying.
 
Status
Not open for further replies.