[Asterisk-Users] Asterisk behind LinkSys NAT Routing

[Shoval Tom]

Isn't putting asterisk on the public IP network a bad  idea?
What about security?

And how will all us newbies make the linux box as secure as possible?

-----Original Message-----
From: asterisk-users-admin at lists.digium.com
[mailto:asterisk-users-admin at lists.digium.com] On Behalf Of WipeOut
Sent: Monday, November 03, 2003 11:05 AM
To: asterisk-users at lists.digium.com
Subject: Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing

Robert Mann wrote:

> Problem I have is this.  outside firewall (extension 2003) can call me 
> inside firewall (extension 2000) and all is fine.  If I call from 
> inside firewall (extension 2000) to outside firewall (extension 2003) 
> I hear no ringing and person at other end can pick up and I hear for 
> maybe a half second then I go to voicemail.  If I add another 
> extension on the outside then communication between outside and 
> outside through * is not possible at all.  I know I can not be the 
> only one who has tried to do this.  Please any help would be greatly 
> appreciated.
>  

Robert,

You need to get Asterisk onto a public IP address.. Using the DMZ 
function on the router will not work.. If you search the archives you 
will see that it has been attempted many times..

The reason is not in the IP but in the SIP headers.. they will be sent 
out from the Asterisk server with the internal IP address of the server, 
this means that when the SIP UA reads the SIP message and responds it 
will respond to the incorrect IP address..

So the basic rules where NAT is involved are..

Asterisk server must always be on a public IP address..

SIP UA's can be behind NAT but need "nat=yes", "canreinvite=no" and 
"qualify=yes" set in the phone configuration in sip.conf..

Hope that helps..

Later..

_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users