<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'><BR>Hi there<BR>
<BR>
this is an interesting topic that I see here and a problem that I am trying to solve too.<BR>
<BR>
But I was wondering if the forwarding solution will work for my case. <BR>
<BR>
So I have two Asterisk boxes A and B.<BR>
<BR>
A is behind a corporate NAT such that A can SSH to B, but not vice versa( "One-way SSH" ) . The UDP port 5060 of the corporate NAT is blocked off and I will not be able to have it unblocked for security reasons. <BR>
<BR>
Hence, is my only choice using an SSH tunnel between A and B for the IAX connection to work? Will it work though with that "One-way SSH" factor mentioned before?<BR>
<BR>
Thanks<BR>
John<BR><BR><BR><BR>
<HR id=stopSpelling>
<BR>
> From: thp@westhawk.co.uk<BR>> To: asterisk-users@lists.digium.com<BR>> Date: Wed, 2 Jan 2008 16:29:45 +0000<BR>> Subject: Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk<BR>> <BR>> Sure, but if (as is often the case) you only have control over the <BR>> firewall at one end of the<BR>> link, you set the forwarding at the end you control and have the far <BR>> end to register to you every<BR>> 30 seconds.<BR>> <BR>> Tim.<BR>> On 2 Jan 2008, at 15:13, Rob Hillis wrote:<BR>> <BR>> > Perhaps. I've never been one to trust that firewalls operate as <BR>> > they should - I've been bitten far too many times by a firewall that <BR>> > doesn't quite behave as you expect. Also, when diagnosing network <BR>> > connectivity problems, I find that it helps to have the rules in <BR>> > place rather than having to infer the rule.<BR>> ><BR>> > Tim Panton wrote:<BR>> >><BR>> >> If you are careful, you only need to setup a port forward at one end<BR>> >> of the IAX trunk.<BR>> >><BR>> >> Have one Asterisk register (regularly) with the other.<BR>> >> The second asterisk (server) will need to have port 4569 forwarded<BR>> >> through it's router.<BR>> >> The first asterisk (client) wont need any port forwarding.<BR>> >><BR>> >> Tim.<BR>> >> On 2 Jan 2008, at 10:18, Rob Hillis wrote:<BR>> >><BR>> >><BR>> >>> The reason that IAX2 is considered good for NAT issues is that it<BR>> >>> uses only one port for both control messages and voice traffic as<BR>> >>> opposed to SIP that uses a predictable port for control messages and<BR>> >>> an unpredictable one for voice/video traffic.<BR>> >>><BR>> >>> If both servers are behind NAT servers, you will need to ensure that<BR>> >>> the appropriate UDP port (by default 4569) are forwarded to your<BR>> >>> Asterisk servers. Only this port is required - RTP isn't used by<BR>> >>> IAX2.<BR>> >>><BR>> >>> bilal ghayyad wrote:<BR>> >>><BR>> >>>> Hi List;<BR>> >>>><BR>> >>>> I heared that IAX is good for NATing issues, but I do<BR>> >>>> not know if it can help me in that senario:<BR>> >>>><BR>> >>>> I have two Asterisks machines in different sites and<BR>> >>>> both are behind NAT (both have private IP address), I<BR>> >>>> need to link these two asterisks with IAX trunk (if it<BR>> >>>> help really in such senario), but I do not know if it<BR>> >>>> will work without doing special routing settings on<BR>> >>>> the router (like TCP/UDP port mapping or IP<BR>> >>>> forwarding)? How that will be it if possible? Or I<BR>> >>>> have to do a kind of port mapping?<BR>> >>>><BR>> >>>> If I will need to use port mapping, then I have to map<BR>> >>>> the TCP and UDP ports that are determined in iax.conf<BR>> >>>> and rtp.conf files at site A for asterisk ip address<BR>> >>>> at site A? Or I have to map the TCP and UDP ports that<BR>> >>>> are in iax.conf and rtp.conf at site B for asterisk ip<BR>> >>>> address at site A? In other words, if I am at site B<BR>> >>>> then I have to go for router B and do mapping for<BR>> >>>> TCP/UDP ports of the asterisk at site B or the<BR>> >>>> asterisk at site A?<BR>> >>>><BR>> >>>> Any help.<BR>> >>>> Regards<BR>> >>>> Bilal<BR>> >>>><BR>> >>>><BR>> >>>><BR>> >>>> ____________________________________________________________________________________<BR>> >>>> Looking for last minute shopping deals?<BR>> >>>> Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping<BR>> >>>><BR>> >>>> _______________________________________________<BR>> >>>> --Bandwidth and Colocation Provided by http://www.api-digital.com--<BR>> >>>><BR>> >>>> asterisk-users mailing list<BR>> >>>> To UNSUBSCRIBE or update options visit:<BR>> >>>> http://lists.digium.com/mailman/listinfo/asterisk-users<BR>> >>>><BR>> >>>><BR>> >>> _______________________________________________<BR>> >>> --Bandwidth and Colocation Provided by http://www.api-digital.com--<BR>> >>><BR>> >>> asterisk-users mailing list<BR>> >>> To UNSUBSCRIBE or update options visit:<BR>> >>> http://lists.digium.com/mailman/listinfo/asterisk-users<BR>> >>><BR>> >><BR>> >> _______________________________________________<BR>> >> --Bandwidth and Colocation Provided by http://www.api-digital.com--<BR>> >><BR>> >> asterisk-users mailing list<BR>> >> To UNSUBSCRIBE or update options visit:<BR>> >> http://lists.digium.com/mailman/listinfo/asterisk-users<BR>> >><BR>> > _______________________________________________<BR>> > --Bandwidth and Colocation Provided by http://www.api-digital.com--<BR>> ><BR>> > asterisk-users mailing list<BR>> > To UNSUBSCRIBE or update options visit:<BR>> > http://lists.digium.com/mailman/listinfo/asterisk-users<BR>> <BR>> <BR>> _______________________________________________<BR>> --Bandwidth and Colocation Provided by http://www.api-digital.com--<BR>> <BR>> asterisk-users mailing list<BR>> To UNSUBSCRIBE or update options visit:<BR>> http://lists.digium.com/mailman/listinfo/asterisk-users<BR><BR><br /><hr />Shed those extra pounds with MSN and The Biggest Loser!! <a href='http://biggestloser.msn.com/' target='_new'>Learn more.</a></body>
</html>