[asterisk-users] Asterisk and Client NAT

Gordon Henderson gordon+asterisk at drogon.net
Sun Aug 19 06:08:36 CDT 2007


On Sun, 19 Aug 2007, G B wrote:

>
> Hi Gordon,
>
> I did everything that you suggested, however, the symptoms remain.
>
> I set the rtp.conf to use ports 10000 to 20000
>
> I assured that my router was forwarding these ports. However, the Media 
> Description Section of the SIP/SD packet (captured with ethereal) reads:
>
> Media Description, name and address (m): audio 50486 RTP/AVP 0 8 101
>
> 50486 is the destination port of all RTP packets sent from the client. 
> These are filtered out by my server NAT's firewall. It seems that 
> Asterisk is not using rtp.conf
>
> I did some searching and found the following link. This is right around 
> the time that I downloaded. Could this be the trouble?
>
> http://lists.digium.com/pipermail/asterisk-bugs/2007-July/001213.html

I know what when I do that on my systems, it "just works". Even with 
xlite.

I've never fiddled with rtp.conf. Mine is as it came with the default 
installation.

   rtpstart=10000
   rtpend=20000

However, I'm running asterisk version 1.2.X, so there might be some other 
issues with 1.4.

This is the scenario that 99% of my installations work under for people 
with phones not on the office LAN, and so-far so good (for me!)

Gordon

>
>> Date: Sun, 19 Aug 2007 11:08:57 +0100
>> From: gordon+asterisk at drogon.net
>> To: asterisk-users at lists.digium.com
>> Subject: Re: [asterisk-users] Asterisk and Client NAT
>>
>> On Sun, 19 Aug 2007, G B wrote:
>>
>>>
>>> Hi,
>>>
>>>
>>> I realize that this is amongst the worst configurations, but I have been
>>> made to believe that it can work... eventually. However, currently SIP
>>> call set up seems to go fine, but no media is transferred in either
>>> direction. For example, the following is output on the asterisk CLI
>>> despite no voice being heard. -- Executing [101 at john:1]
>>> Playback('SIP/john-081da978', 'hello-world') in new stack
>>
>> *sigh* The old NAT & SIP issue - again... )-:
>>
>> There is a lot of the VoIP WiKi on it. Eg:
>>    http://www.voip-info.org/wiki-Asterisk+SIP+NAT+solutions
>>
>> However, assuming the asterisk and client are behind different NAT
>> firewalls, do this:
>>
>> 1. Tell the client to use a stun server and don't fiddle with the client's
>> firewall (other than to make sure it's not actually firewalling 5060 and
>> 10000-20000)
>>
>> If you're stuck for a stun server, use stun1.drogon.net:3478
>>
>> 2. Port forward 5060-5069 and 10000-20000 on the firewall that fronts the
>> asterisk box to the asterisk box.
>>
>> 3. Tell asterisk it's behind a NAT firewall.
>>
>>> 1. sip.conf
>>> [global]
>>> nat=yes
>>> canreinvite=no
>>
>> This isn't enough. You also need to tell it the IP address of the external
>> firewall, and your local network address.
>>
>>    nat=yes
>>    localnet=192.168.2.0/24
>>    externip=1.2.3.4
>>
>> Where 1.2.3.4 is the external IP address - the one the client is pointing
>> to. This needs to be a static IP address (or at least not change for the
>> duration of your use) the client can be behind a dynamic IP address.
>>
>> you might need a bit more in the client definition - eg:
>>
>> [100]
>> context=internal
>> type=friend
>> secret=very
>> qualify=yes
>> nat=yes
>> host=dynamic
>> canreinvite=no
>> dtmfmode=rfc2833
>> mailbox=100
>> callerid=Joe Bloggs <100>
>> callgroup=1
>> pickupgroup=1
>> subscribecontext=BLF
>>
>> And that's it.
>>
>> Gordon
>>
>> _______________________________________________
>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
> _________________________________________________________________
> Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy!
> http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us



More information about the asterisk-users mailing list