[asterisk-users] Routers that do not show external IPs...

Tim Nelson tnelson at rockbochs.com
Thu Oct 14 14:06:31 CDT 2010


----- "Stefan Schmidt" <sst at sil.at> wrote:
> Am 14.10.2010 20:29, schrieb Tim Nelson:
> > ----- "Stefan Schmidt" <sst at sil.at> wrote:
> >>> 	This is not a problem with Asterisk.  The router rewrites all
> >> external
> >>> connections with its own IP so even a SSH connection will seem to
> >> be
> >>> coming from the router (the 'w' command will say you are
> connected
> >> from
> >>> the router and not from the IP address of your Internet
> >> connection).
> >>>
> > 
> > Isn't this the purpose and definition of NAT? Your private network
> sits behind the NAT while outbound traffic has it's source IP (maybe
> port...) rewritten to that of the external IP of the router? This
> holds true if the router's public interface is on another RFC1918
> private network.
> > 
> yes thats the definition of NAT, but in that case the router should
> not
> touch the IP headers or atleast SIP headers.
> and it looks like the router also touches TCP header cause your the
> source IP of an TCP connection would never be the gateway ip in a
> typical NAT setup.

The TCP header is exactly what the NAT changes, no?

> >>
> >> OMG thats the worst kind of doing everything wrong as possible i
> ever
> >> heard of. I wonder if this router works in ANY way.
> > 
> > Uhm...
> Sorry if this is shocking for you, but i have seen really a big
> amount
> of different routers doing different thing very wrong but changing
> source IPs of TCP connections is really worst.

See above question?

> > 
> >>
> >> You can try to turn of these ALG features which the router have
> build
> >> in
> >> and also these SPI (statefull packet inspection).
> > 
> > NAT isn't exactly an ALG...
> No Nat is only Translation but ALG makes it allways wrong ;)

On this we're in agreement. :-) ALGs typically do more harm than good unless implemented properly in a controlled environment... maybe.

--Tim



More information about the asterisk-users mailing list