[Asterisk-Users] Broken firewall or brain damaged admin?

[Brian Capouch]

I am travelling this week and have had to buy connectivity from a hotel 
and at a couple of airports.

For the first time ever, I have had problems (twice out of four 
connections) with IAX traffic going through firewalls.

I'm almost certain I'm looking at a broken firewall, and if it's a 
commercial one that's in use by hotspot/hotel-type operations, I would 
like to follow up and see if I can figure out how to convince them to 
fix it.

In both cases I have been on a NAT connection.

In both cases I have been able trace and see the following behavior, 
identical in both:

1. My packets leave a private IP asking for a UDP connection to my home 
Asterisk server, port 4569.

2. Asterisk reports "<Unregistered>" when I do an iax2 show registry.

3. Sniffing at my home server shows tons of traffic similar to this snippet:

21:30:37.829275 ip-66-80-112-58.chi.megapath.net > pbx: icmp: 
ip-66-80-112-58.chi.megapath.net udp port 4569 unreachable (DF)
21:30:37.833965 ip-66-80-112-58.chi.megapath.net > pbx: icmp: 
ip-66-80-112-58.chi.megapath.net udp port 4569 unreachable (DF)

I'd like to ask the list two things: first, is this indeed a broken 
firewall?  It seems like the NAT mapping that sends traffic out should 
accept the return traffic on the port it uses (4569 in this case) as its 
*source* port.

Second, and more important, anything I can do beyond beating my head 
against doltish ISP customer service reps, who in both cases told me 
that I had something broken "on my end?"

Thanks in advance.

B.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.