[Asterisk-Dev] IAX2 Native Transfer + NAT

Mark Spencer markster at digium.com
Mon Feb 9 09:04:00 MST 2004


> > If I understood your comments correctly, that would be "port address
> > translation"
> > (or PAT) that got you. Part of the reason for that is IAX uses the exact
> > same
> > port number for both source and destination udp ports, therefore the
> > firewall
> > can only handle one iax session in its nat/pat tables.

That is not at all true.  IAX works through PAT tables as well, because we
use the exposed port *and* ip address.

> Perhaps I am missing something, but I have had several sessions running
> simultaneously before, all traversing the NAT router.  Here's my network:
>
> [Client A     ]
> [192.168.1.100]-----                               ... To Net...
>                     |                                   |
> [Client B     ]     |                                   |
> [192.168.1.102]------     [24.99.11.29]--[Switch]--[Cable Modem]
>                     |     [Linksys NAT]      |
> [Client C     ]     |-----[192.168.1.1]      |
> [192.168.1.103]------                        |
>                     |                 [Asterisk Server]
> [Client D     ]     |                 [24.99.11.25    ]
> [192.168.1.105]------
> 			  |
> [Additional Clients...]
>
> I have had both calls between NATted clients (A-C, B-D, etc.) and
> simultaneous calls between clients and outside numbers (A-iaxtel, B-iaxtel)
> without any problem.  If the IAX2 protocol was limited to strictly one port,
> it would not be able to pass more than one call through the Linksys.
>
> What I am suggesting is that IAX2 become not only firewall/NAT friendly, but
> NAT-aware in terms of establishing the audio portion of the call.

It is NAT and PAT friendly entirely, including the ability to transfer
behind NAT's with well implemented NAT's and the ability to know the
transfer isn't possible with poorly implemented NAT's and continue the
call anyway.

Mark




More information about the asterisk-dev mailing list