[asterisk-users] Asterisk both behind a NAT and outside at the same time

C F shmaltz at gmail.com
Tue Oct 31 07:15:04 MST 2006


Sorry for my previous post I misunderstood the problem.
You should set canreinvite=no to all sip peers that connect from outside.

On 10/31/06, C F <shmaltz at gmail.com> wrote:
> Seems to me that you have a routing problem, asterisk should not know
> how to send packets to an outside IP using the NATed network. Make
> sure that the internal (NAT) interface doesn't have a gateway to it.
>
> On 10/31/06, Brad Templeton <brad+aster at templetons.com> wrote:
> >
> > I've read a lot of the descriptions of handling NAT with Asterisk,
> > and the use of both the nat and canreinvite flags.  I am very
> > familiar with Sip and NAT but have not seen an answer to the following
> > question.
> >
> >
> > My Asterisk server runs on a machine with two ethernets.  One is
> > an external net, with exposed IP addresses.   The other is an internal
> > net with natted IP addresses.   Thus the server has two addresses.
> >
> > The server is _not_ the NAT gateway.  That's a linksys box which has
> > its own external IP to gateway traffic from the internal natwork.
> >
> > The phones are on the internal NATwork.   Asterisk talks to them over
> > it.   Outside peers, such as SIP termination providers etc. talk
> > to the Asterisk server via its outside address, which is as you
> > would expect.
> >
> > However, from time to time I get the famous one-way audio because
> > Asterisk has decided to do a native bridge between a natted SIP
> > phone and an external SIP peer.   It sends the internal IP of
> > the SIP phone in the SDP and of course the outside service can't
> > send packets to that.
> >
> > I could just turn off reinvites on the internal phones, but this
> > would cause them to route all traffic through the asterisk box,
> > even on internal calls between phones on the same ethernet, which
> > seems foolish to me.   I don't want to turn off reinvites to the
> > external peers -- if a call comes in from a SIP originator for example,
> > and is send back out to a SIP terminator (call forwarding) I want
> > a native bridge for sure.    (Handling the internal traffic is not
> > so much of a burden though sometimes I hear latency because of it, but
> > routing external traffic through the asterisk box is a bad thing.)
> >
> > So what I want is for Asterisk to use native bridges when connecting
> > two channels behind the NAT, or two channels on the real internet, but
> > not to do so when connecting an internal and external channel.
> >
> > It should be able to see the IP addresses, and know the difference between
> > natted and external ones and know they can't talk to one another.
> > (The ICE protocol would handle this someday.)
> >
> > Is IAX smarter about this?
> >
> > Of course I might even want to get smarter about this.  Is it possible,
> > typically by configuring stun in the phones, to have them be aware of their
> > external IP and tell Asterisk about it?  With a full cone NAT, it would
> > work to do a native bridge between the internal and external devices
> > so long as the external device is given the right address and port of
> > the NAT box, not the internal address of the phone.   However, we don't
> > want to do this on internal to internal calls -- many NATs can't hairpin.
> >
> >
> > I would think this would be a common situation (though perhaps more
> > commonly the asterisk server IS the firewall/NAT.)   Is there a
> > solution that does the right thing most of the time?
> > _______________________________________________
> > --Bandwidth and Colocation provided by Easynews.com --
> >
> > asterisk-users mailing list
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-users
> >
>


More information about the asterisk-users mailing list