[Asterisk-bsd] RTP destination address with NAT

Mike Durian durian at shadetreesoftware.com
Thu May 29 11:15:11 CDT 2008


On Wednesday 28 May 2008, Mike Durian wrote:
> I recently updated asterisk from the FrssBSD ports collection to
> 1.4.19.2.  I've been trying to track down some strange routing
> interaction with the RTP packets from my asterisk server, which is
> not behind a NAT, to my phone, which is behind a NAT.  I also have
> a bunch of funky pf routing rules to route the phone traffic over
> a cable line or a DSL line depending on some conditions.  My routing
> rules used to work, but now they fail after the update.  I think
> the problem might be related to the IP address used by asterisk
> when sending RTP packets to my phone.
>
> Despite having nat=yes enabled for my phone peer, asterisk is using
> it's unroutable address (192.168.1.10) for the first few packets
> it sends to the phone.  I verified this by turning on rtp debug.
> Only after asterisk receives an RTP packet from the phone, does it
> switch to using the NAT address.  I won't get into the messy details
> (partly because I don't fully understand all the interactions), but
> I believe the first few RTP packets to the 192.168 address are
> causing routing problems for me.
>
> All that said, my question is rather simple.  How do I keep
> asterisk from sending out any RTP packets until it receives one?
> If I can prevent asterisk from sending RTP packets until it learns
> the NAT address by receiving one, I think I can solve my problems.
>
> Thanks,
> mike

Following up to my own post.
When I updated asterisk, I also updated FreeBSD from 6.x to 7.x.
I believe this had a subtle effect on some PF behavior (I know
I had to enable IPSEC_FILTERTUNNEL to get cups to work) and made
the system more sensitive to the asterisk behavior.

Previous versions of asterisk might have also sent the initial
few RTP packets to the wrong address too, but I just didn't notice.
I do believe that finding a way to prevent asterisk from sending
RTP packets to a destination before it has received one (at least
for NAT peers) will fix my problems.

If anyone has advice on how to do this, I'd quite appreciate it.

mike




More information about the Asterisk-BSD mailing list