[Asterisk-Users] asterisk behind NAT

Patrick Cantwell pat at insomnia.org
Thu Dec 18 21:18:07 MST 2003

I know this issue has been covered with at least 2 different patches, and
probably a dozen different discussions, however I'm a bit unclear as to what
my options are.

I have a DSL line coming in with 8 IP addresses going to an OpenBSD firewall
doing 1:1 NAT for machines behind the firewall.  My asterisk box is one of
these machines, and I'd like to allow foreign SIP clients
(softphones/hardware phones) to register to my Asterisk box -WITHOUT-
breaking internal connectivity.

A brief example of my setup works like this:

asterisk box -------------> openbsd firewall ---------------> internet
(                            |
--> other internal networks  (

The OpenBSD firewall provides a 1:1 NAT mapping for the asterisk box to so ports/port forwarding is a non issue.

I also have several other internal subnets hanging off of the OpenBSD
firewall, all using address space, and I do have some
hardware/software clients running internally.

I've also noticed that in newer CVS versions, there are provisions for
'externip', but nothing for internal net/netmask, so I suspect this will
break my internal clients.

My question is, first off, do I need to apply a patch, and if so, which one?
Second, once I apply said patch, what options do I need to supply in

I could also run something on the openbsd firewall (maybe a SIP proxy?),
I've seen references to 'STUN' but haven't found enough info on it to know
if it will help me.


More information about the asterisk-users mailing list