[asterisk-users] Suspicious routers

[Andreas Sikkema]

Darryl,

> I've seen and suspected this before, and changing the old cheap routers
> has generally fixed this, but I'm wondering if anyone else has seen this
> before, and if there are other routers I need to worry about. I don't
> yet have an automated way to test routers for this, but I'm seriously
> thinking about coming up with something.

Most of the cheaper NAT implementations appear to assume that there's
ever only just one client on the LAN side sending traffic from port A to
a server port on the WAN side. For TCP this assumption is a nice hack
with not too much risk, for UDP applications which send traffic from a
well known port to a well known port, this is killing.

I've added a full chapter on this problem in our manual that gets sent
to customers, which basically says to reconfigure the SIP clients to all
use a different source port for SIP traffic. This should be applicable
to most UDP based protocols.

I think this is valid for most routers below a certain price point
($250?), perhaps those running Linux might not be affected.

-- 
Andreas Sikkema