[Asterisk-Users] A simple network environment: a configuration issue or a bug in Asterisk?

kleis-asterisk-dev at tiscali.it kleis-asterisk-dev at tiscali.it
Wed Nov 16 01:37:02 MST 2005


My Asterisk box is installed in the DMZ of an IPCop firewall.
The RED interface of IPCop has a static public IP address, and all traffic
directed to that address is forwarded to the PBX in the DMZ.
The IPCop also routes traffic from the LAN (192.168.2.0) to the DMZ (172.16.0.0),
so Asterisk is reachable from the LAN and the Internet.

Generally speaking, everything works fine, but I'm facing a strange problem
when remote SIP clients aren't NATted and have a public IP address, that
is, they are connected to the Internet via a bridge/modem rather than behind a
firewall/router:

The following are the _non-working_ scenarios (call flow from left to right,
'->' is the audio direction):

SIP UA (public IP) -> bridge -> Internet -> RED|IPCop|DMZ -> Asterisk/chan_zap
-> PSTN -> U
SIP UA (public IP) -> bridge -> Internet -> RED|IPCop|DMZ -> Asterisk/chan_sip
-> SIP UA (inside LAN/outside LAN)

These are the working scenarios (call flow from left to right, '<->'
means audio in both directions):

SIP UA (private IP) <-> router (public IP) <-> Internet <-> RED|IPCop|DMZ
<-> Asterisk/chan_zap <-> PSTN <-> U
SIP UA (private IP) <-> router (public IP) <-> Internet <-> RED|IPCop|DMZ
<-> Asterisk/chan_sip <-> SIP UA (inside LAN/outside LAN)

If the call is originated by Asterisk (e.g., an incoming call from the PSTN)
or a SIP client inside the LAN, the audio is always two-way even when the
remote client is on the open Internet (see the non-working scenarios above,
but from right to left).

Here's sip.conf:

[general]
bindport=5060
bindadrr=172.16.0.11
srvlookup=yes
externip = xxx.xxx.xxx.xxx 
;localnet=10.0.0.0/255.0.0.0		; tried all combinations
localnet=172.16.0.0/255.255.0.0
;localnet=192.168.0.0/255.255.0.0
;localnet=169.254.0.0/255.255.0.0

For each SIP client
nat=yes
qualify=yes
canreinvite=no


I wonder at the fact that the easiest scenario is the only one not working.
Maybe a bug in Asterisk? Do I really have to prevent all remote clients from
using a bridge and put them inside a private network class behind a router?
Any ideas, please? If it could help, I can supply tcpdump logs for traffic
analysis.

Thanks,

Alex
