[asterisk-users] Is this doable?

Gordon Messmer yinyang at eburg.com
Sun Feb 5 14:31:24 CST 2012


On 02/03/2012 02:52 PM, Josh wrote:
>
> At this stage, after reading for the past couple of days, my two main
> concerns are NAT handling of SIP as both the Asterisk & my clients will
> be behind a firewall on a private net,

That's not entirely unusual.  Unfortunate as it is, NAT abounds.

> and multitasking - the latter
> *may* be solved by going with AGI (not sure yet as Asterisk is still
> completely new to me).

I don't really follow you.

>>> If so, I am not completely clear on whether I need to explicitly specify
>>> my public IP address (via externip/externhost) or whether Asterisk is
>>> able to find it without this option?
>> As I understand it, that depends on your router. If you have a Linux
>> router with the ip_nat_sip module, it'll "fix" your SIP packets so
>> that you don't need to use the externip setting. However, you'll need
>> to test to verify that.
> Nope! My eth0 interface is not facing the public Internet directly - it
> takes its IP address from my ISP's DHCP (which is private!) even though
> it can forward/pass traffic through the public internet via that
> interface, that is the problem.

In this case, "your" router is the one that your ISP provided or is 
using, which performs NAT for your hosts.  If it is Linux with 
ip_nat_sip, I believe that it'll "fix" packets without requiring you to 
configure your Asterisk host.

>>> One final question about binding: in order to be able to use both tun0
>>> and eth1 interfaces so that Asterisk serves the calls from both eth1 and
>>> tun0, do I have to use "bind 0.0.0.0"? Is there an alternative, like
>>> specifying "bind 10.1.1.1" for eth1 and then "bind 10.1.2.1" for the
>>> tun0 interface - is this possible?
>>
>> Start with binding to 0.0.0.0.
> That was my initial intention as I was hoping Linux will map each
> request/response using the appropriate interface (i.e. on which
> interface it comes from), I realise binding on 0.0.0.0 is not ideal
> from a security point of view (I'd rather issue separate udpbind
> statements for the interfaces I want to use), but for now it will have to do
> if there isn't an alternative.

Linux *can* do that, but it requires a bit of configuration for route 
selection.  I usually use Shorewall for multi-ISP (or multi-interface) 
configurations.
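
[Added example, not part of the original message or of Asterisk.] The thread says you need to test whether the NAT router "fixes" SIP packets before dropping externip. One way to check is to capture an INVITE on the far side of the router and look for non-public addresses still advertised in it. The sample messages, the function name and the 203.0.113.7 address are constructed for illustration; 10.1.1.1 is the private address used in the thread.

```python
import ipaddress
import re

# Ranges that are not routable on the public Internet:
# RFC 1918 private space plus RFC 6598 carrier-grade NAT space.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# SIP headers (long and compact names) and SDP lines where the sender
# advertises the address it expects signalling or media to come back to.
SIP_HEADERS = ("via", "v", "contact", "m")
SDP_PREFIXES = ("c=", "o=")


def leaked_addresses(message):
    """Return (field, address) pairs where a non-public IPv4 address is advertised."""
    findings = []
    for line in message.splitlines():
        name = line.split(":", 1)[0].strip().lower()
        if name in SIP_HEADERS:
            field = name
        elif line.startswith(SDP_PREFIXES):
            field = line[:2]
        else:
            continue  # request line, other headers, other SDP lines
        for text in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # e.g. an octet above 255
                continue
            if any(addr in net for net in NON_PUBLIC):
                findings.append((field, text))
    return findings


# Constructed sample: an INVITE as sent by a host behind NAT with no externip set.
UNFIXED = (
    "INVITE sip:100@203.0.113.7 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.1.1.1:5060;branch=z9hG4bKconstructed\r\n"
    "Contact: <sip:user@10.1.1.1:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 10.1.1.1\r\n"
    "c=IN IP4 10.1.1.1\r\n"
    "m=audio 12000 RTP/AVP 0\r\n"
)
# Constructed sample: the same message with every advertised address rewritten.
FIXED = UNFIXED.replace("10.1.1.1", "203.0.113.7")
```

An empty result on a capture taken beyond the router suggests the addresses were rewritten; any finding means the remote side is being told to reply to an address it cannot reach.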


