[asterisk-users] No NAT, but firewall mangles Register SDP
Robert Moskowitz
rgm at htt-consult.com
Thu Jan 10 16:23:18 CST 2008
Nailed it!
TCPdump on Trixbox 2.4 (Asterisk 1.4.17-1) going out and public side of
firewall (Linksys WRT54G running Sveasoft) Firewall is configued NOT to
NAT (public addressing on internal network.
I stop asterisk (amportal stop). wait 30 min to insure timeout. Start
both tcpdumps. Start Asterisk (amportal start). Get into Asterisk cli
to insure registration was successful. Stop everything. Look at dumps
with Wireshark.
It very first SIP packet is a REGISTER coming from TB heading for
Broadvoice (Only a SIP extension and Broadvoice SIP trunk defined).
The UDP ports are SRC=5060 DST=5060. Length is different 5 bytes were
added by the firewall, inside the SIP packet.
From TB the Contact content is Phone#@IP#, while going out the firewall
it is Phone#@IP#:5060
And this works. For calling from Broadvoice into TB.
But if I run a firewall that does NOT mangle the SIP content it does NOT
work.
sip.broadvoice.com is really a Proxy server, and the INVITE coming from
it has content that directs the RTP server over to a different
Broadvoice server. That is when the Linksys box is there mangling the
SIP content. With the regular firewall, TB gets an INVITE without the
redirect content and tries to set up the RTP call with their proxy
server which ICMP rejects the RTP packets.
So.....
What do I do so that without a mangling firewall this works?
Is Broadvoice "broken" and can only work through a NAT? Will simply
adding NAT=yes result in the Phone#@IP#:5060 in the first place?
thank you all.
More information about the asterisk-users
mailing list