[Asterisk-Users] Asterisk, SIP and NAT: Help needed!

beonice beonice at yahoo.com
Thu May 12 21:43:55 MST 2005


I've been googling and talking with Libretel about my
setup and the fact that incoming calls to my asterisk
box through the Libretel number reach my box (I hear
the greeting being played) but then don't accept DTMF.

Here is a rough diagram of my setup:

   Asterisk   | 
    server    | NAT    <------------  Libretel
              | router 
              |

Note that there are NO SIP devices, just the Asterisk
box itself.

Apparently my asterisk server is trying to accept
audio on port 31347 at 192.168.0.2 (which is,
obviously, the internal IP address). I'm already
forwarding port 5060, so I presume that's what's
allowing the incoming call to hear my recorded
greeting.

>From google, I see that I can:
  a) Set my externip address to the address of the
     NAT router
  b) Set nat=yes 
  c) Somehow mangle headers???
  d) change the dtmfmode in [general]

Okay, so I've done all of the above:
  a) I've set the externip to the static IP address
     of the router
  b) I've set nat=yes in the [general] context (I'm
     only interested in incoming calls right now)
  d) I've tried each of the dtmfmode options in the
     [general] context

As for c) I'm not sure what needs to be done there. 

I've also, additionally forwarded ports 10000 through
40000 from the router to the asterisk box (Libretel
said the box is listening to audio on port 31347, so I
needed at least to ensure that's open, and got a
little generous there).

I'm really bewildered. Especially as IAX was so
straightforward to set up and get running! 

Thanks for any help!

Cheers,
Maya

Attached is my current sip.conf:
--------------------------------------
sip.conf

;
; SIP Configuration for Asterisk
;
; Syntax for specifying a SIP device in
extensions.conf is
; SIP/devicename where devicename is defined in a
section below.
;
; You may also use
; SIP/username at domain to call any SIP user on the
Internet
; (Don't forget to enable DNS SRV records if you want
to use this)
;
; If you define a SIP proxy as a peer below, you may
call
; SIP/proxyhostname/user or SIP/user at proxyhostname
; where the proxyhostname is defined in a section
below
;
; Useful CLI commands to check peers/users:
;   sip show peers              Show all SIP peers
(including friends)
;   sip show users              Show all SIP users
(including friends)
;   sip show registry           Show status of hosts
we register with
;
;   sip debug                   Show all SIP messages
;

[general]
;context=default                        ; Default
context for incoming
calls
context=from-sip        ; Default context for incoming
calls
                                ; After all, we don't
want any random
                                ; incoming calls to
have access to
                                outbound
                                ; calling - Maya, May
1, 2005
;recordhistory=yes              ; Record SIP history
by default
                                ; (see sip history /
sip no history)
;realm=mydomain.tld             ; Realm for digest
authentication
                                ; defaults to
"asterisk"
                                ; Realms MUST be
globally unique
                                according to RFC 3261
                                ; Set this to your
host name or domain
                                name
port=5060                       ; UDP Port to bind to
(SIP standard port
is 5060)
bindaddr=192.168.0.2                ; IP address to
bind to (0.0.0.0 binds
to all)
srvlookup=yes                   ; Enable DNS SRV
lookups on outbound
calls
                                ; Note: Asterisk only
uses the first
                                host
                                ; in SRV records
                                ; Disabling DNS SRV
lookups disables the
                                ; ability to place SIP
calls based on
                                domain
                                ; names to some other
SIP users on the
                                Internet

;pedantic=yes                   ; Enable slow,
pedantic checking for
Pingtel
                                ; and multiline
formatted headers for
                                strict
                                ; SIP compatibility
(defaults to "no")
;tos=184                        ; Set IP QoS to either
a keyword or
numeric val
;tos=lowdelay                   ;
lowdelay,throughput,reliability,mincost,none
;maxexpirey=3600                ; Max length of
incoming registration we
allow
;defaultexpirey=120             ; Default length of
incoming/outoing registration
defaultexpirey=600              ; length of
incoming/outoing registration
;notifymimetype=text/plain      ; Allow overriding of
mime type in MWI NOTIFY
;videosupport=yes               ; Turn on support for
SIP video

disallow=all                   ; First disallow all
codecs
allow=ulaw                     ; Allow codecs in order
of preference
allow=ilbc                     ; Note: codec order is
respected only in [general]
allow=alaw                     ; Added by Maya
;; Added by Maya, May 7 2005
dtmfmode=inband                ; either RFC2833 or
INFO for the BudgeTone
;; End added by Maya, May 7 2005

;musicclass=default             ; Sets the default
music on hold class for all SIP calls
                                ; This may also be set
for individual users/peers
;language=en                    ; Default language
setting for all users/peers
                                ; This may also be set
for individual users/peers
;relaxdtmf=yes                  ; Relax dtmf handling
;rtptimeout=60                  ; Terminate call if 60
seconds of no RTP activity
                                ; when we're not on
hold
;rtpholdtimeout=300             ; Terminate call if
300 seconds of no RTP activity
                                ; when we're on hold
(must be > rtptimeout)
;trustrpid = no                 ; If Remote-Party-ID
should be trusted
;progressinband=no              ; If we should
generate in-band ringing always
;useragent=Asterisk PBX         ; Allows you to change
the user agent string
nat=yes                         ; NAT settings
                                ; yes = Always ignore
info and assume NAT
                                ; no = Use NAT mode
only according to RFC3581
                                ; never = Never
attempt NAT mode or RFC3581 support
                                ; route = Assume NAT,
don't send rport (work around more UNIDEN bugs)
;promiscredir = no      ; If yes, allows 302 or REDIR
to non-local SIP address
;                       ; Note that promiscredir when
redirects are made to the
;                       ; local system will cause
loops since SIP is incapable
;                       ; of performing a "hairpin"
call.
;
; If regcontext is specified, Asterisk will
dynamically
; create and destroy a NoOp priority 1 extension for a
given
; peer who registers or unregisters with us.  The
actual extension
; is the 'regexten' parameter of the registering peer
or its
; name if 'regexten' is not provided.  More than one
regexten may be supplied
; if they are separated by '&'.  Patterns may be used
in regexten.
;
;regcontext=iaxregistrations
;
; Asterisk can register as a SIP user agent to a SIP
proxy (provider)
; Format for the register statement is:
;       register =>
user[:secret[:authuser]]@host[:port][/extension]
;
; If no extension is given, the 's' extension is used.
The extension
; needs to be defined in extensions.conf to be able to
accept calls
; from this SIP proxy (provider)
;
; host is either a host name defined in DNS or the
name of a
; section defined below.
;
; Examples:
;
;register => 1234:password at mysipprovider.com
;
;     This will pass incoming calls to the 's'
extension
;
;
;register => 2345:password at sip_proxy/1234
;
;    Register 2345 at sip provider 'sip_proxy'.  Calls
from this provider connect to local
;    extension 1234 in extensions.conf default
context, unless you define
;    unless you configure a [sip_proxy] section below,
and configure a context.
;        Tip 1: Avoid assigning hostname to a sip.conf
section like [provider.com]
;        Tip 2: Use separate type=peer and type=user
sections for SIP providers
;                      (instead of type=friend) if you
have calls in both directions

externip = router.static.ip.address
                         ; Address that we're going to
put in outbound SIP messages
                         ; if we're behind a NAT

                                ; The externip and
localnet is used
                                ; when registering and
communicating with other proxies
                                ; that we're
registered with
                                ; You may add multiple
local networks.  A reasonable set of defaults
                                ; are:
;localnet=192.168.0.0/255.255.0.0; All RFC 1918
addresses are local networks
;localnet=10.0.0.0/255.0.0.0    ; Also RFC1918
;localnet=172.16.0.0/12         ; Another RFC1918 with
CIDR notation
;localnet=169.254.0.0/255.255.0.0 ;Zero conf local
network

;-----------------------------------------------------------------------------------
; Users and peers have different settings available.
Friends have all settings,
; since a friend is both a peer and a user
;
; User config options:        Peer configuration:
; --------------------        -------------------
; context                     context
; permit                      permit
; deny                        deny
; auth                        auth

; secret                      secret
; md5secret                   md5secret
; dtmfmode                    dtmfmode
; canreinvite                 canreinvite
; nat                         nat
; callgroup                   callgroup
; pickupgroup                 pickupgroup
; language                    language
; allow                       allow
; disallow                    disallow
; insecure                    insecure
; trustrpid                   trustrpid
; progressinband              progressinband
; promiscredir                promiscredir
; callerid
; accountcode
; amaflags
; incominglimit
; restrictcid
;                             mailbox
;                             username
;                             template
;                             fromdomain
;                             regexten
;                             fromuser
;                             host
;                             mask
;                             port
;                             qualify
;                             defaultip
;                             rtptimeout
;                             rtpholdtimeout

;[sip_proxy]
; For incoming calls only. Example: FWD (Free World
Dialup)
;type=user
;context=from-fwd

;[sip_proxy-out]
;type=peer                      ; we only want to call
out, not be called
;secret=guessit
;username=yourusername          ; Authentication user
for outbound proxies
;fromuser=yourusername          ; Many SIP providers
require this!
;host=box.provider.com

;[grandstream1]
;type=friend                    ; either "friend"
(peer+user), "peer" or "user"
;context=from-sip
;fromuser=grandstream1          ; overrides the
callerid, e.g. required by FWD
;callerid=John Doe <1234>
;host=192.168.0.23              ; we have a static but
private IP address
;nat=no                         ; there is not NAT
between phone and Asterisk
;canreinvite=yes                ; allow RTP voice
traffic to bypass Asterisk
;dtmfmode=info                  ; either RFC2833 or
INFO for the BudgeTone
;incominglimit=1                ; permit only 1
outgoing call at a time
                                ; from the phone to
asterisk
;mailbox=1234 at default  ; mailbox 1234 in voicemail
context "default"
;disallow=all                   ; need to disallow=all
before we can use allow=
;allow=ulaw                     ; Note: In user
sections the order of codecs
                                ; listed with allow=
does NOT matter!
;allow=alaw
;allow=g723.1                   ; Asterisk only
supports g723.1 pass-thru!
;allow=g729                     ; Pass-thru only
unless g729 license obtained


;[xlite1]
;Turn off silence suppression in X-Lite ("Transmit
Silence"=YES)!
;Note that Xlite sends NAT keep-alive packets, so
qualify=yes is not needed
;type=friend
;regexten=1234                 ; When they register,
create extension 1234
;username=xlite1
;callerid="Jane Smith" <5678>
;host=dynamic
;nat=yes                       ; X-Lite is behind a
NAT router
;canreinvite=no                ; Typically set to NO
if behind NAT
;disallow=all
;allow=gsm                     ; GSM consumes far less
bandwidth than ulaw
;allow=ulaw
;allow=alaw


;[snom]
;type=friend                    ; Friends place calls
and receive calls
;context=from-sip               ; Context for incoming
calls from this user
;secret=blah
;language=de                    ; Use German prompts
for this user
;host=dynamic                   ; This peer register
with us
;dtmfmode=inband                ; Choices are inband,
rfc2833, or info
;defaultip=192.168.0.59         ; IP used until peer
registers
;username=snom                  ; Username to use in
INVITE until peer registers
;mailbox=1234,2345              ; Mailboxes for
message waiting indicator
;restrictcid=yes                ; To have the callerid
restriced -> sent as ANI
;disallow=all
;allow=ulaw                     ; dtmfmode=inband only
works with ulaw or alaw!
;mailbox=1234 at context,2345      ; Mailbox(-es) for
message waiting indicator


;[pingtel]
;type=friend
;username=pingtel
;secret=blah
;host=dynamic
;insecure=yes                   ; To match a peer
based by IP address only and not peer
;insecure=very                  ; To allow registered
hosts to call without re-authenticating
;qualify=1000                   ; Consider it down if
it's 1 second to reply
                                ; Helps with NAT
session
                                ; qualify=yes uses
default value
;callgroup=1,3-4                ; We are in caller
groups 1,3,4
;pickupgroup=1,3-5              ; We can do call
pick-p for call group 1,3,4,5
;defaultip=192.168.0.60         ; IP address to use if
peer has not registred

;[cisco1]
;type=friend
;username=cisco1
;secret=blah
;qualify=200                    ; Qualify peer is no
more than 200ms away
;nat=yes                        ; This phone may be
natted
                                ; Send SIP and RTP to 
IP address that packet is
                                ; received from
instead of trusting SIP headers
;host=dynamic                   ; This device
registers with us
;canreinvite=no                 ; Asterisk by default
tries to redirect the
                                ; RTP media stream
(audio) to go directly from
                                ; the caller to the
callee.  Some devices do not
                                ; support this
(especially if one of them is
                                ; behind a NAT).
;defaultip=192.168.0.4

;[cisco2]
;type=friend
;username=cisco2
;fromuser=markster              ; Specify user to put
in "from" instead of callerid
;fromdomain=yourdomain.com      ; Specify domain to
put in "from" instead of callerid
                                ; fromuser and
fromdomain are used when Asterisk
                                ; places calls to this
account.  It is not used for
                                ; calls from this
account.
;secret=blah
;host=dynamic
;defaultip=192.168.0.4
;amaflags=default               ; Choices are default,
omit, billing, documentation
;accountcode=markster           ; Users may be
associated with an accountcode to ease billing



		
Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html




More information about the asterisk-users mailing list