[Asterisk-Users] problem facing on Firewall, NAT and asterisk

[Jon Lawrence]

On Wednesday 03 November 2004 19:37, prasad_s wrote:
> Hi all,
>
> I am using asterisk, which is running on one machine having static(global)
> IP. I have another machine(Internet server with global IP, with firewall)
> working as gateway for internal machines having local IP starting with
> 192.168.xxx.xxx. My SIP client(xten-xlite) is on LAN machine and registers
> to the asterisk server through this sip phone. All machines on the LAN,
> having sip phone are registered to asterisk server. But the problem is when
> I call internally between two sip client I don't get voice path between
> these two sip phones, i.e. I can not talk and hear from both phones, though
> I get message on the asterisk server "connected".
> Is this because of Firewall and NAT between my sip client and asterisk
> server? But then how I get register to asterisk server?
> Is there any workaround for this problem
>

The way that I get around this is to have a 2nd nic in the asterisk box which 
exists on the local (192.x.x.x) network. That way, my phones register to the 
servers' RFC1918 address. That server sets all local (RFC1918) phones to 
canreinvite=no and it works perfectly.
In my case, I run a firewall on the * box to try and keep the internal lan 
secure - obviously is someone hacks the * box then they've got access to my 
internal lan. This is not an ideal solution, but I think that it suffices atm 
- at least until * supports IPv6. Yes it means that there are 2 firewalls to 
maintain, but the * firewall never changes so it's not a great hassel.

Jon