[asterisk-users] Asterisk both behind a NAT and outside at the same time

Tue Oct 31 14:51:44 MST 2006

On 10/31/06, Brad Templeton <brad+aster at templetons.com> wrote:
> On Tue, Oct 31, 2006 at 07:40:35PM +0800, Leo Ann Boon wrote:
> > >
> > Have you tried setting the externalip and localnet parameters?
> >
> Localnet makes some sense, and is set (should be the default anyway, no?)
>
> externalip, as I understand it, is for an Asterisk which is behind
> a NAT.  This asterisk is not behind a NAT to anybody.  The
> phones are behind a NAT to the outside world but not to the
> Asterisk box, which has two ethernets on it, one for the internal
> natwork and one for the real internet.
>
> It uses bindaddr=0.0.0.0 and listens to both addresses.
>
>
> > Sorry for my previous post I misunderstood the problem.
> > You should set canreinvite=no to all sip peers that connect from outside.
>
>
> That's precisely what I don't want to do.  This would block native
> bridging in the one case where it's most important.
>
>
> The correct behaviour, as I see it is:
>
>     a) Native bridge when connecting two external channels -- everybody is on the real internet

It might not work if one of them is NATed. Therefore the correct way
to do this is to use canreinvite=no

>     b) Native bridge when connecting two internal channels -- everybody is on the 192.168.* network

canreinvite=yes will take care of this.

>     c) Route RTP through Asterisk when connecting internal and external

Again by adding canreinvite=no to externals you have this.

>     d) When a channel is to a device behind a remote NAT, the usual rules apply
>        (either use STUN or other smart NAT, or route RTP through Asterisk)

How will asterisk know? The correct *setting* (not behavior) is
canreinvite=no for the external devices.

>
> The "super" correct behaviour, which I don't expect but would be nice is
>
>     e) Clever native bridge between internal and external by being aware that the device
>        talks to the outside world using a different address than it talks to you.
>        (Possibly if the phones use STUN they will tell Asterisk their external IP, which
>        is not the same as Asterisk's though it's on the same subnet)
>
>
>
> I have used localnet=192.168.* and nat=yes on a local device and it still
> attempts an incorrect native bridge between internal and external, with
> one-way audio.
>
> If I do canreinvite=no on the local devices then it works of course, but
> now means the local phones will never native bridge amongst themselves.
> In a larger network, that would be a problem, and it's a poor result in any
> network.
>

Why are you so against having the RTP go thru asterisk?