[Asterisk-Users] Restricting registration for peer '611' to 60
seconds (requested 1200)
Kevin P. Fleming
kpfleming at digium.com
Mon Oct 17 05:43:48 MST 2005
tim panton wrote:
> By the way, there is a reason for this. It ensures that there is
> traffic (initiated by the client) often
> enough to keep the 'connection' in a NATing firewall's map of ports.
> This means that a
> 'new' call (ie incoming) message from asterisk to the client will be
> seen by the firewall as part of that
> 'recent' conversation and allowed through (and correctly forwarded).
Ostensibly that was the reason, yes, but it's flawed... 'qualify' is
much better for that purpose, for three reasons:
1) It is initiated from the server end instead of the peer end, so there
is no chance the firewall will drop the association.
2) It is far less work on the server; registrations require
authentication and database updates.
3) It will also make your Asterisk server aware of when the peer becomes
unreachable.
Personally, I'd recommend changing the minexpiry time to something like
300 seconds or longer, and using 'qualify' to keep the NAT mapping alive.
More information about the asterisk-users
mailing list