[asterisk-users] SIP & NAT ...

Gordon Henderson gordon+asterisk at drogon.net
Fri Jun 1 09:21:04 MST 2007 

On Fri, 1 Jun 2007, Anthony Francis wrote:

> do sip debug and then look again if still nothing then from linux do tcpdump 
> -Avvv host <ip-address of problem device> and see if its getting blocked by 
> iptables or not even reaching you. You should prolly show us what your 
> sip.conf looks like and the dial command in use as well as the context it is 
> in.

I'll see if sip debug shows anything, but when I did a quick tcpdump 
earlier I didn't see anything. (there are no iptables, just a router with 
port-forwarding to the box)

It's always the 2nd entry in sip.conf that works - The first one never 
works. I can swap them round, sip reload and the other one will then work, 
but never the first one! If I just have one, (either one), it works 
perfectly well.

There are register statements for both accounts, and sip show peers 
indicates that both are registerd OK.

Not sure how the dial command will help you as it's incoming from a 
foreign system that doesn't work. As far as I can tell, the SIP commands 
doesn't even make it as far as the box. There is nothing in console 
output, and callers get a number unobtinable signal.

Outgoing dialling is perfectly fine and does what I expect it to do over 
both lines. I just want to make sure there's nothing amis at my end before 
I go chasing the external provider.

My suspicion is that there is an issue with 2 SIP channels to the same 
external provider from the same internal IP address - either something to 
do with NAT handling at my end (useless Draytek router?), or the remote 
end just not expecting 2 channels from the same IP address (although that 
would be the scenario with multiple phones inside a NAT fiewwall, but each 
with their own internal IP address using STUN rather than one IP address 
opening 2 SIP channels) Doing a full DMZ redirect isn't an option here as 
there are other servers behind the firewall handling email.

Setting up SIP channels this way is something I've done many times before 
(it's automated on my systems via a web interface, so it hopefully doesn't 
make typos :) and it works to many different systems, but I've never had 2 
going to the same IP address before.

I'll do more tests over the weekend though (when the client isn't using 
their system!) and extract the config files.

Thanks,

Gordon

More information about the asterisk-users mailing list