[Asterisk-Users] Does externalip= do anything to help with SIP behind a Linux based NAT router?

Olle E. Johansson oej at edvina.net
Tue Nov 4 11:57:22 MST 2003


Leif Madsen wrote:

> I'm just curious if I was to place my * box behind a a FW/NAT box 
> running linux, if my SIP calls will still work.  Box right now is a RH9 
Leif,
The question is too open to anwer, you have to be more specific.

There are several situations:

1. Asterisk as a SIP client behind nat, connecting to outside SIP Proxies
2. Asterisk as a SIP client behind nat, connecting to inside SIP proxies
3. Asterisk as a SIP server behind nat, clients on the outside connecting to Asterisk
4. Asterisk as a SIP server behind nat, clients on the inside connecting to Asterisk

Everything works somewhere, but it depends on the client and the NAT and many other factors.
In most cases, 1 and 3 is broken.

#1 works with SIP Express router as the outside proxy. (Get an account at IPtel.org and try!). Fails with fwd.
#2 Works- no NAT in between
#3 Works with port forwarding and some header mangling magic
#4 Works - no NAT in between

I'm afraid if I configure externalIP=, 1 works, like with FWD, but 2 is broken.
I don't know what happens with 4 if I at the same time use externalip= and have clients
configured as 3.
As I see it, externalip= is an ugly hack that causes problems. There are better solutions
in the bug tracking system, being discussed and refined.

STUN support, and the netmask/ip-network configuration helps asterisk to find out itself
if there's a NAT in the middle and if something should be done.

Let's continue
5. Asterisk as a SIP client outside nat, connecting to outside SIP proxies
6. Asterisk as a SIP client outside nat, connecting to inside SIP proxies
7. Asterisk as a SIP server outside nat, clients on the outside connecting to Asterisk
8. Asterisk as a SIP server outside nat, clients on the inside connecting to Asterisk


#5 is no problem. No NAT in the middle
#6 is a problem if no port forwarding is done, similar to 3 above.
#7 is no problem. No NAT in the middle
#8 is solved with nat=yes and qualify=xxx in sip.conf for the client in most cases. Some clients (X-lite)
assist themselves by using STUN and sending UDP keep-alive packets. Qualify sends keep-alive packets from
Asterisk to the client on the inside.

Then we have even worse cases...

9. Asterisk inside a NAT, client inside ANOTHER NAT
In this case, we need a middle man to even find each other, an outbound SIP proxy that handles the SIP transaction and is reachable
by all parties. To get media streams from point to point we need another middle man, a media server. Asterisk could be that media server,
that could add media codec conversion. Portaone's rtpproxy works together with SIP Express router.

I'm sure we can find #10-xx as well.



And yes, I'll rewrite this and put it up on the Wiki ;-)

/Olle




More information about the asterisk-users mailing list