[Asterisk-Users] Anyone doing NAT through m0n0Wall?

Colin Anderson ColinA at landmarkmasterbuilder.com
Thu Dec 22 08:17:37 MST 2005 

I am. Setup exactly as you describe, in a corporate environment. No problem
whatsoever. Do you have port forwarding rules to your Asterisk server from
the WAN interface specifically for 5060 UDP and RTP 10000-20000?

Also Monowall 1.2 was flaky for me, I'm running 1.1

-----Original Message-----
From: Mark Phillips [mailto:g7ltt at g7ltt.com]
Sent: Thursday, December 22, 2005 5:48 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [Asterisk-Users] Anyone doing NAT through m0n0Wall?

Hi Folks,

I've just built myself a m0n0Wall based around a WRAP board and whilst
it work really well for everything else I'm having some issues with
Asterisk's NAT abilities.

Here's my setup,

A bunch of hardphones (various types) littered around the house.
SPA-3000 handles the house POTS line which forwards to extention 2005.
X-Ten Pro on my laptop for when I'm out and about.
Grandstream BT-101 at my dad's house via our cable modems.

Until replacing the Linksys with the m0n0Wall everything was working
fine and dandy.

I have externip=g7ltt.dyndns.org set in my sip.conf file. Without it I
could not make my dad's phone work.

With the m0n0Wall in place and the externip setting set I can make no
calls internally but all the external phones work just fine. The reverse
is true when I remove the externip setting; the internal phones work but
the external ones don't.

I've done some tracing with both firewalls and have noted the following;

Linksys: externip set all SIP and IAX2 frames from * have my public
address as the reply-to regardless of the NAT requirement of the phone
in use. In other words it offers up the external address for internal
calls. All data flows through the Linksys when addressed to the public
IP address and is then forwarded back to the * server.

m0n0Wall: externip set as above and the firewall drops the packets.
externip not set and the * NAT doesn't work.

I know that the m0n0Wall requires a rule to be added to make it work as
before but what I don't understand is why is Asterisk forcing all calls
to use its public IP address when externip is set?

Surely this doubles network traffic; one packet goes to the router.
another goes from the router to the internal host. Why doesn't go
directly over the LAN for internal stuff?

I had assumed that the addition of a nat=yes statement in the relevant
phone stanza would turn on or off the NAT reqirement for that phone
device but this doesn't seem to be the case.

Any ideas would be greatly appreciated.

Mark



--

Mark, G7LTT/KC2ENI
Randolph, NJ
http://www.g7ltt.com
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

Asterisk-Users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

More information about the asterisk-users mailing list