[asterisk-users] Asterisk both behind a NAT and outside at the
same time
Leo Ann Boon
leo at datvoiz.com
Tue Oct 31 04:40:35 MST 2006
Brad Templeton wrote:
> I've read a lot of the descriptions of handling NAT with Asterisk,
> and the use of both the nat and canreinvite flags. I am very
> familiar with Sip and NAT but have not seen an answer to the following
> question.
>
>
> My Asterisk server runs on a machine with two ethernets. One is
> an external net, with exposed IP addresses. The other is an internal
> net with natted IP addresses. Thus the server has two addresses.
>
> The server is _not_ the NAT gateway. That's a linksys box which has
> its own external IP to gateway traffic from the internal natwork.
>
> The phones are on the internal NATwork. Asterisk talks to them over
> it. Outside peers, such as SIP termination providers etc. talk
> to the Asterisk server via its outside address, which is as you
> would expect.
>
> However, from time to time I get the famous one-way audio because
> Asterisk has decided to do a native bridge between a natted SIP
> phone and an external SIP peer. It sends the internal IP of
> the SIP phone in the SDP and of course the outside service can't
> send packets to that.
>
> I could just turn off reinvites on the internal phones, but this
> would cause them to route all traffic through the asterisk box,
> even on internal calls between phones on the same ethernet, which
> seems foolish to me. I don't want to turn off reinvites to the
> external peers -- if a call comes in from a SIP originator for example,
> and is send back out to a SIP terminator (call forwarding) I want
> a native bridge for sure. (Handling the internal traffic is not
> so much of a burden though sometimes I hear latency because of it, but
> routing external traffic through the asterisk box is a bad thing.)
>
> So what I want is for Asterisk to use native bridges when connecting
> two channels behind the NAT, or two channels on the real internet, but
> not to do so when connecting an internal and external channel.
>
> It should be able to see the IP addresses, and know the difference between
> natted and external ones and know they can't talk to one another.
> (The ICE protocol would handle this someday.)
>
>
Have you tried setting the externalip and localnet parameters?
Leo
More information about the asterisk-users
mailing list