[Asterisk-Users] Anyone doing NAT through m0n0Wall?

Fri Dec 23 09:32:11 MST 2005

Mark, we work on a few of NAT to NAT issues and resolved them by using the
new version 1.2.1 and externhost=
No sure how you got externip= to do FQN because we were not able to get it
to work...
"Please"..Can you let me know, how you got it to work? that way I can avoid
upgrading couple of my clients in a production environments...
TIA,,,

Manny

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Mark Phillips
Sent: Thursday, December 22, 2005 7:48 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [Asterisk-Users] Anyone doing NAT through m0n0Wall?
Hi Folks,
I've just built myself a m0n0Wall based around a WRAP board and whilst 
it work really well for everything else I'm having some issues with 
Asterisk's NAT abilities.
Here's my setup,
A bunch of hardphones (various types) littered around the house.
SPA-3000 handles the house POTS line which forwards to extention 2005.
X-Ten Pro on my laptop for when I'm out and about.
Grandstream BT-101 at my dad's house via our cable modems.
Until replacing the Linksys with the m0n0Wall everything was working 
fine and dandy.
I have externip=g7ltt.dyndns.org set in my sip.conf file. Without it I 
could not make my dad's phone work.
With the m0n0Wall in place and the externip setting set I can make no 
calls internally but all the external phones work just fine. The reverse 
is true when I remove the externip setting; the internal phones work but 
the external ones don't.
I've done some tracing with both firewalls and have noted the following;
Linksys: externip set all SIP and IAX2 frames from * have my public 
address as the reply-to regardless of the NAT requirement of the phone 
in use. In other words it offers up the external address for internal 
calls. All data flows through the Linksys when addressed to the public 
IP address and is then forwarded back to the * server.
m0n0Wall: externip set as above and the firewall drops the packets. 
externip not set and the * NAT doesn't work.
I know that the m0n0Wall requires a rule to be added to make it work as 
before but what I don't understand is why is Asterisk forcing all calls 
to use its public IP address when externip is set?
Surely this doubles network traffic; one packet goes to the router. 
another goes from the router to the internal host. Why doesn't go 
directly over the LAN for internal stuff?
I had assumed that the addition of a nat=yes statement in the relevant 
phone stanza would turn on or off the NAT reqirement for that phone 
device but this doesn't seem to be the case.
Any ideas would be greatly appreciated.
Mark