[asterisk-users] NAT and Dial to two channels at once

[Brad Templeton]

On Mon, Dec 11, 2006 at 06:48:18PM -0500, Andrew Joakimsen wrote:
> You need to understand how NAT works, if you can chan2 and chan2 is behind a
> NAT and suddenly someone else is invited to chan2's IP address port 5060
> chan2's router willl say "WTF I dont have an estabished connection on port
> 5060" (to the client being reinvited to chan2) and it wont work. You need to
> have the media path go through asterisk in that case.

Actually, it's more complex than that.

If the NAT box has had a hole poked (in its config) for the RTP port (SIP
port is only used by Asterisk) then any machine can send it RTP on that
port.

In addition, if the NAT is of the "full cone" type, any host can send to
your port once you have sent a packet out that port.

With Restricted cone and Port restricted cones, it also works as long as
the Natted IP phone is sending packets out to the other host already.
Which it should be if we have symmetric RTP.

Symmetric NATs, which are rare, will change the port number when they
start talking to a different host for RTP.  This will screw up all but
the cleverest implementations.  (Though there are endpoints that notice
if the RTP is coming from a port other than they were told, and start
sending to that instead of the one in the SDP)

What doesn't work is assymetric RTP with NAT.   In this case we have
the audio going through asterisk in one direction, and directly in
the other direction.  That will fail if the direct direction tries
to go into a nat (it should work if it's only leaving a nat)

Asterisk currently does assymetric RTP if it thinks it only has to
listen to one end of the audio path.  That's a good idea in
general -- but not one that works through anything but a
manually opened NAT.