[Asterisk-Dev] IAX2 Native Transfer + NAT

Steven Sokol ssokol at sokol-associates.com
Mon Feb 9 08:12:09 MST 2004

> How do you propose you would figure out that you are behind the same nat
> screen? You mentioned in your example that you came in via a separate IP
> address. As far as asterisk could be concerned, that may well have been
> your neighbors nat it was connecting to. You can't go by the inside
> addresses as it is likely for people behind nats to have the same
> private address space.

I suspect that chan_iax could identify that two parties are behind the same
NAT based on two factors.  1) IAX has to have the "real" IP to which the
traffic must be sent, so if both sessions use the same "real" IP that would
be a strong indicator that they are behind the same router.  2) both clients
would show "internal" or non-routable addresses from the same block

Think of it like this:
		Client IP Address		Actual Source Address
Party A:
Party B:

If Asterisk receives a request for a call from A to B (both of whom are
registered) then the channel would first check to see if the actual source
for client A and the actual destination for client B are the same address.
If so, it queries the clients (or checks its registry) to see what addresses
the clients are using.  If the actual addresses are identical and the first
three octets of the client addresses match, then it should be safe to assume
that they _may_ be on the same internal, NATted address.

> So 2 simple solutions to this is to either get a better router that can
> "pinwheel" your traffic, or make your dialplan such that it doesn't go
> outside of the network unless it needs to.

Ok, but we want to make Asterisk and IAX as easy to install and use as
possible.  If this can be done without having to create IAX3, then what's
the loss?


Steve Sokol
Sokol & Associates, LLC

More information about the asterisk-dev mailing list