[asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
John Constalgie
caduceus_abode at hotmail.com
Thu Jan 17 19:09:17 CST 2008
Hi there
this is an interesting topic that I see here and a problem that I am trying to solve too.
But I was wondering if the forwarding solution will work for my case.
So I have two Asterisk boxes A and B.
A is behind a corporate NAT such that A can SSH to B, but not vice versa( "One-way SSH" ) . The UDP port 5060 of the corporate NAT is blocked off and I will not be able to have it unblocked for security reasons.
Hence, is my only choice using an SSH tunnel between A and B for the IAX connection to work? Will it work though with that "One-way SSH" factor mentioned before?
Thanks
John
> From: thp at westhawk.co.uk> To: asterisk-users at lists.digium.com> Date: Wed, 2 Jan 2008 16:29:45 +0000> Subject: Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk> > Sure, but if (as is often the case) you only have control over the > firewall at one end of the> link, you set the forwarding at the end you control and have the far > end to register to you every> 30 seconds.> > Tim.> On 2 Jan 2008, at 15:13, Rob Hillis wrote:> > > Perhaps. I've never been one to trust that firewalls operate as > > they should - I've been bitten far too many times by a firewall that > > doesn't quite behave as you expect. Also, when diagnosing network > > connectivity problems, I find that it helps to have the rules in > > place rather than having to infer the rule.> >> > Tim Panton wrote:> >>> >> If you are careful, you only need to setup a port forward at one end> >> of the IAX trunk.> >>> >> Have one Asterisk register (regularly) with the other.> >> The second asterisk (server) will need to have port 4569 forwarded> >> through it's router.> >> The first asterisk (client) wont need any port forwarding.> >>> >> Tim.> >> On 2 Jan 2008, at 10:18, Rob Hillis wrote:> >>> >>> >>> The reason that IAX2 is considered good for NAT issues is that it> >>> uses only one port for both control messages and voice traffic as> >>> opposed to SIP that uses a predictable port for control messages and> >>> an unpredictable one for voice/video traffic.> >>>> >>> If both servers are behind NAT servers, you will need to ensure that> >>> the appropriate UDP port (by default 4569) are forwarded to your> >>> Asterisk servers. Only this port is required - RTP isn't used by> >>> IAX2.> >>>> >>> bilal ghayyad wrote:> >>>> >>>> Hi List;> >>>>> >>>> I heared that IAX is good for NATing issues, but I do> >>>> not know if it can help me in that senario:> >>>>> >>>> I have two Asterisks machines in different sites and> >>>> both are behind NAT (both have private IP address), I> >>>> need to link these two asterisks with IAX trunk (if it> >>>> help really in such senario), but I do not know if it> >>>> will work without doing special routing settings on> >>>> the router (like TCP/UDP port mapping or IP> >>>> forwarding)? How that will be it if possible? Or I> >>>> have to do a kind of port mapping?> >>>>> >>>> If I will need to use port mapping, then I have to map> >>>> the TCP and UDP ports that are determined in iax.conf> >>>> and rtp.conf files at site A for asterisk ip address> >>>> at site A? Or I have to map the TCP and UDP ports that> >>>> are in iax.conf and rtp.conf at site B for asterisk ip> >>>> address at site A? In other words, if I am at site B> >>>> then I have to go for router B and do mapping for> >>>> TCP/UDP ports of the asterisk at site B or the> >>>> asterisk at site A?> >>>>> >>>> Any help.> >>>> Regards> >>>> Bilal> >>>>> >>>>> >>>>> >>>> ____________________________________________________________________________________> >>>> Looking for last minute shopping deals?> >>>> Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping> >>>>> >>>> _______________________________________________> >>>> --Bandwidth and Colocation Provided by http://www.api-digital.com--> >>>>> >>>> asterisk-users mailing list> >>>> To UNSUBSCRIBE or update options visit:> >>>> http://lists.digium.com/mailman/listinfo/asterisk-users> >>>>> >>>>> >>> _______________________________________________> >>> --Bandwidth and Colocation Provided by http://www.api-digital.com--> >>>> >>> asterisk-users mailing list> >>> To UNSUBSCRIBE or update options visit:> >>> http://lists.digium.com/mailman/listinfo/asterisk-users> >>>> >>> >> _______________________________________________> >> --Bandwidth and Colocation Provided by http://www.api-digital.com--> >>> >> asterisk-users mailing list> >> To UNSUBSCRIBE or update options visit:> >> http://lists.digium.com/mailman/listinfo/asterisk-users> >>> > _______________________________________________> > --Bandwidth and Colocation Provided by http://www.api-digital.com--> >> > asterisk-users mailing list> > To UNSUBSCRIBE or update options visit:> > http://lists.digium.com/mailman/listinfo/asterisk-users> > > _______________________________________________> --Bandwidth and Colocation Provided by http://www.api-digital.com--> > asterisk-users mailing list> To UNSUBSCRIBE or update options visit:> http://lists.digium.com/mailman/listinfo/asterisk-users
_________________________________________________________________
Shed those extra pounds with MSN and The Biggest Loser!!
http://biggestloser.msn.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20080117/0c67902b/attachment.htm
More information about the asterisk-users
mailing list