[Asterisk-Users] IAX peers and NAT

Johnson, Randy rjohnson at Spang.com
Thu Oct 23 11:29:20 MST 2003


> -----Original Message-----
> From: WipeOut [mailto:wipe_out at onetel.com] 
> Sent: Thursday, October 23, 2003 2:12 PM
> To: asterisk-users at lists.digium.com
> Subject: Re: [Asterisk-Users] IAX peers and NAT
> 
> 
> Olle E. Johansson wrote:
> 
> > Help, I'm stuck. Lost in the woods.
> >
> > I have one Asterisk running on FreeBSD outside on the Wild Internet.
> > One on the safe inside, behind a NAT firewall.
> >
> > The inside server registers with IAX to the outer one and can place 
> > calls.
> > The outside one can't register to the one on the inside, since it 
> > can't be reached
> > on the private network.
> >
> > Now to my problem:
> > * How do I dial from outside to the inside over the existing IAX 
> > connection?
> >
> > When I dial from the outside to the inside by using the registered 
> > loginname like
> >
> >   exten => 1234,1,Dial(IAX/loginname/12345)
> >
> > The outside server seems to dial the one on the inside, but I see 
> > nothing on the inside.
> > The log on the outside mysteriously enough claims it can't 
> > authenticate to the inside
> > server - but how do I authenticate, all authentication in IAX is based 
> > on hostname
> > or IP numbers...
> > And even more mysteriously, the message in the logfile says
> >
> > Oct 23 19:26:21 WARNING[137286656]: File chan_iax.c, Line 3838 
> > (socket_read): I don't know how to authenticate 
> > methods=rsa;challenge=135582743;username=iaxtel to <nat ip #>
> >
> > I can't find out where the username=iaxtel and methods=rsa come from, 
> > have no such configuration for this
> > session. The NAT IP # is the outside address of my firewall.
> >
> > It is probably something basic that I've misunderstood. Please tell me!
> >
> > /Olle
> >
> You don't really need the outside one to register with the inside one 
> because you can call it by the name it's registering with..
> 
> But have to tell it where to connect to..
> eg. exten => 1234,1,Dial(IAX/loginname:password@otherserver/12345)
> 
> Where otherserver is the name you specified between the [] in the peer 
> definition in your iax.conf..
> 
> Hope that helps..
> 
> Later..
> 

You'll also need to forward the IAX (udp 5036, or udp 4569 if you want to
use IAX2) ports on the outside IP of your firewall to the IP address of your
inside box.  I do this with a Cisco PIX (static + acl), but I know that
iptables and pf can also do this.  Most firewalls can.  Without this,
packets from the outside can't make it to the inside box.

Randy Johnson
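
The port forward described in the reply above, written for iptables as an added example that is not part of the original thread. The interface name, the addresses (documentation and private ranges), the helper function names, and the restriction to the outside server's source address are assumptions.

```shell
#!/bin/sh
# Added example: emit iptables rules that forward IAX from the firewall's
# outside interface to the inside Asterisk box. Interface and addresses
# are constructed placeholders, not values from the thread.

# iax_port PROTO -> UDP port named in the post (iax = 5036, iax2 = 4569)
iax_port() {
    case "$1" in
        iax)  echo 5036 ;;
        iax2) echo 4569 ;;
        *)    echo "unknown protocol: $1" >&2; return 1 ;;
    esac
}

# iax_forward_rules PROTO WAN_IF PEER_IP INSIDE_IP
# Prints the rules instead of applying them, so they can be reviewed first.
iax_forward_rules() {
    [ $# -eq 4 ] || { echo "usage: iax_forward_rules PROTO WAN_IF PEER_IP INSIDE_IP" >&2; return 2; }
    port=$(iax_port "$1") || return 1
    wan_if=$2 peer=$3 inside=$4
    # Rewrite the destination of IAX packets arriving on the outside
    # interface. Matching the peer's source address (assumed to be fixed)
    # keeps the forward from exposing the inside box to every host.
    echo "iptables -t nat -A PREROUTING -i $wan_if -p udp -s $peer --dport $port -j DNAT --to-destination $inside:$port"
    # DNAT only rewrites the packet; the filter table must still allow it.
    echo "iptables -A FORWARD -i $wan_if -p udp -s $peer -d $inside --dport $port -j ACCEPT"
}

# Constructed sample: outside Asterisk at 203.0.113.10, inside box at 192.168.1.20
iax_forward_rules iax2 eth0 203.0.113.10 192.168.1.20
```

Review the printed rules, then run them as root on the firewall; use `iax` instead of `iax2` to forward udp 5036.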