[asterisk-users] Asterisk both behind a NAT and outside at the same time

Brad Templeton brad+aster at templetons.com
Tue Oct 31 11:47:10 MST 2006


On Tue, Oct 31, 2006 at 07:40:35PM +0800, Leo Ann Boon wrote:
> >  
> Have you tried setting the externalip and localnet parameters?
> 
Localnet makes some sense, and is set (should be the default anyway, no?)

externalip, as I understand it, is for an Asterisk which is behind
a NAT.  This asterisk is not behind a NAT to anybody.  The
phones are behind a NAT to the outside world but not to the
Asterisk box, which has two ethernets on it, one for the internal
natwork and one for the real internet.

It uses bindaddr=0.0.0.0 and listens to both addresses.  


> Sorry for my previous post I misunderstood the problem.
> You should set canreinvite=no to all sip peers that connect from outside.


That's precisely what I don't want to do.  This would block native
bridging in the one case where it's most important.


The correct behaviour, as I see it is:

    a) Native bridge when connecting two external channels -- everybody is on the real internet
    b) Native bridge when connecting two internal channels -- everybody is on the 192.168.* network
    c) Route RTP through Asterisk when connecting internal and external
    d) When a channel is to a device behind a remote NAT, the usual rules apply
       (either use STUN or other smart NAT, or route RTP through Asterisk)

The "super" correct behaviour, which I don't expect but would be nice is

    e) Clever native bridge between internal and external by being aware that the device
       talks to the outside world using a different address than it talks to you.
       (Possibly if the phones use STUN they will tell Asterisk their external IP, which
       is not the same as Asterisk's though it's on the same subnet)



I have used localnet=192.168.* and nat=yes on a local device and it still
attempts an incorrect native bridge between internal and external, with
one-way audio.

If I do canreinvite=no on the local devices then it works of course, but
now means the local phones will never native bridge amongst themselves.
In a larger network, that would be a problem, and it's a poor result in any
network.

This is the latest svn of 1.2, by the way.


More information about the asterisk-users mailing list