
Outbound from 5060 port

Posted: Fri Jun 09, 2023 7:41 pm
by AlexPebody
Hey guys, I need some help...

I have Mikrotik 7.9.2 ROS and, for SIP, I need to send out to IP 5.49.132.66:5060 from the LAN bridge with NAT, exactly from port 5060. For example, my external address is 178.49.185.13 and inside the LAN bridge I have 192.168.0.0/24 addresses, and all 5060 SIP signal ports go out from other ports, like 41256 and others, but the listening side expects exactly SIP signal port 5060, so the outbound port must be 5060. How can I do this?

I need something like this (pfSense):

Image

Thank you.

Re: Outbound from 5060 port

Posted: Fri Jun 09, 2023 8:30 pm
by msatter
Please remove your PUBLIC IP from your posting. This is in your own interest.

Re: Outbound from 5060 port

Posted: Fri Jun 09, 2023 8:39 pm
by AlexPebody
Please remove your PUBLIC IP from your posting. This is in your own interest.
Thx, but don't worry, these are fake addresses.

Re: Outbound from 5060 port

Posted: Fri Jun 09, 2023 10:46 pm
by msatter
Please remove your PUBLIC IP from your posting. This is in your own interest.
Thx, but don't worry, these are fake addresses.
Then you lied in your opening post stating "My external address is".

Re: Outbound from 5060 port

Posted: Fri Jun 09, 2023 10:50 pm
by AlexPebody


Thx, but don't worry, these are fake addresses.
Then you lied in your opening post stating "My external address is".
Is it lying - for example, my IP address...? It's just an example...

Re: Outbound from 5060 port

Posted: Fri Jun 09, 2023 11:57 pm
by msatter
You have changed it now in your OP; it now states that it is not your actual public address.

It is also a good thing to use non-existing public IP addresses in postings, to avoid another router being targeted for compromise based on data stated by you.

Re: Outbound from 5060 port

Posted: Sat Jun 10, 2023 3:08 am
by anav
Just in case, in the future, to prevent msatter from going into cardiac arrest, just make sure you indicate a private IP address. There is nothing wrong with using xx.yy.zz.xx, for example, and nothing wrong with using fake numbers either...
The key is, if the same number is used in various parts of a config, you put the same fake number or xx.yy.zz.xx in all the spots so we know...

Re: Outbound from 5060 port

Posted: Sat Jun 10, 2023 4:56 am
by Buckeye
See RFC 5737, IPv4 Address Blocks Reserved for Documentation: there are three /24s reserved for documentation and examples. Using these makes it clear that they are meant to replace global addresses. It is easy to do: just use a text editor and do a global replace of the first 3 octets of your global address(es) with the first three from one of the TEST-NET ranges. It is possible you will fool some people who don't know about RFC 5737 and who will still think you are posting your "public address".

Documentation Address Blocks

The blocks 192.0.2.0/24 (TEST-NET-1), 198.51.100.0/24 (TEST-NET-2),
and 203.0.113.0/24 (TEST-NET-3) are provided for use in
documentation.
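
The global replace suggested above, combined with the earlier advice to reuse the same fake value for the same real one, as an added Python example (not code from any poster in this thread). The function name `sanitize` and the sample config are assumptions; the sample is constructed from the example addresses used in this thread.

```python
import ipaddress
import re

# RFC 5737 documentation blocks, handed out in this order.
TEST_NETS = [ipaddress.ip_network(n) for n in
             ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
# Dotted quad that is not part of a longer dotted/numeric token.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def sanitize(text):
    """Return (sanitized_text, {real public /24: TEST-NET block})."""
    prefix_map = {}

    def swap(match):
        try:
            addr = ipaddress.IPv4Address(match.group(1))
        except ipaddress.AddressValueError:
            return match.group(0)      # not a valid address, leave it
        if not addr.is_global:
            return match.group(0)      # private, loopback, TEST-NET: keep
        prefix = ipaddress.ip_network(f"{addr}/24", strict=False)
        if prefix not in prefix_map:
            if len(prefix_map) == len(TEST_NETS):
                raise ValueError("more than three public /24s, mask by hand")
            prefix_map[prefix] = TEST_NETS[len(prefix_map)]
        # Keep the last octet so distinct hosts stay distinct and a
        # repeated address maps to the same replacement everywhere.
        return str(prefix_map[prefix].network_address + (int(addr) & 0xFF))

    return IPV4_RE.sub(swap, text), prefix_map


# Constructed sample config using the example values from this thread.
SAMPLE = """\
/ip address
add address=178.49.185.13/24 interface=ether1
/ip firewall nat
add chain=srcnat action=src-nat to-ports=5060 protocol=tcp \
src-address=192.168.0.0/24 dst-address=5.49.132.66 dst-port=5060
"""

if __name__ == "__main__":
    cleaned, mapping = sanitize(SAMPLE)
    print(cleaned)
    for real, fake in mapping.items():
        print(f"# {real} -> {fake}")
```

Private ranges such as 192.168.0.0/24 pass through unchanged, so the NAT logic in the posted config stays readable, and running the function on already sanitized text changes nothing.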

Re: Outbound from 5060 port

Posted: Sat Jun 10, 2023 12:29 pm
by msatter
/ip firewall nat
add chain=srcnat action=src-nat to-ports=5060 protocol=tcp src-address=192.168.0.0/24 dst-address=5.49.132.66 dst-port=5060 
add chain=srcnat action=src-nat to-ports=5060 protocol=tcp src-address=192.168.0.0/24 dst-address=5.13.25.125 dst-port=5060 

Because your src-address is a range, you need to keep the connection open so that incoming calls can be redirected to the correct client.