<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<blockquote type="cite">On 07/12/2012 09:19 AM, Benny Amorsen wrote:
<br>
<blockquote type="cite" style="color: #000000;">"Kevin P. Fleming"
<a class="moz-txt-link-rfc2396E"
href="mailto:kpfleming@digium.com">&lt;kpfleming@digium.com&gt;</a>
writes:
<br>
<br>
<blockquote type="cite" style="color: #000000;">That's quite
interesting; can you describe a scenario where this occurs?
<br>
</blockquote>
<br>
Imagine you have a server with two interfaces, eth0 with
192.168.1.1/24
<br>
and eth1 with 10.0.2.1/24. Further imagine that you wish to be
able to
<br>
move phones between the networks without changing the SIP server
<br>
address, so you set 192.168.1.1 as the SIP server no matter
which
<br>
network they happen to be on.
<br>
<br>
Now the phones which happen to be connected to eth1 will send a
request
<br>
to 192.168.1.1. If Asterisk is bound to 0.0.0.0, the reply will
come
<br>
from 10.0.2.1. This could be solved if Asterisk did a connect()
to the
<br>
socket and used the same socket for answering. That would tell
the system
<br>
IP stack that this is in fact a connection, and so the system
would
<br>
ensure that the reply source IP would be correct.
<br>
</blockquote>
<br>
I must be missing something. If a phone sends a UDP packet to
192.168.1.1, how does that get routed to (arrive at) the 10.0.2.1
interface on the Asterisk server? The only way I can imagine that
happening is if a router in between the phone and the server has
been told that 192.168.1.0/24 is reachable <b
class="moz-txt-star"><span class="moz-txt-tag">*</span>through<span
class="moz-txt-tag">*</span></b> 10.0.2.1, which seems like a
bizarre way to construct a network. Getting replies from Asterisk
<b class="moz-txt-star"><span class="moz-txt-tag">*</span>back<span
class="moz-txt-tag">*</span></b> to the phone would also
require the IP stack on the Asterisk server to route those replies
back over the 10.0.2.0/24 interface instead of the 192.168.1.0/24,
which doesn't make any sense either.
<br>
<br>
</blockquote>
We have since Asterisk 1.2 been using a configuration with 6 NICs
bonding to 3 networks, one public internet and 2 private networks.<br>
Routing calls between networks and having phones on all 3 networks
is no problem.<br>
<br>
There is one case though where we do fixup with iptables.<br>
We have 30 virtual addresses on one of the private networks and when
Asterisk sends a packet to a destination then the first address of
the NIC is inserted as source by the OS.<br>
<br>
Example:<br>
One NIC has the IPs<br>
192.168.0.10, 192.168.0.20, 192.168.30<br>
Telephone (192.168.0.100) sends a packet to Asterisk 192.168.0.30,
Asterisk sends response to 192.168.0.100 but with source address
192.168.0.10 as that's the first IP on that NIC.<br>
<br>
In iptables OUTPUT q we do a set-mark to an index into our source
IPs,<br>
then in POSTROUTING we insert the source address using the mark.<br>
<br>
b.r<br>
Freddi<br>
<br>
<br>
<br>
<br>
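The following is an added example, not part of the original thread and not Asterisk code. It shows a third way to get the reply source right on Linux, different from the connect() and iptables approaches discussed above: a UDP socket bound to 0.0.0.0 reads the address each request was sent to via IP_PKTINFO and hands it back as the source of the reply. Assumptions: Linux with loopback up, 127.0.0.2 standing in for a secondary address, and the hypothetical function name reply_source.

```c
#define _GNU_SOURCE /* exposes struct in_pktinfo on glibc */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>
/* Constructed loopback test: a client on 127.0.0.1 sends one datagram to dst_ip and a
 * server bound to 0.0.0.0 echoes it. Returns the source address the client sees on the
 * reply (network byte order), 0 on error. pin=1 replies from the requested address. */
in_addr_t reply_source(const char *dst_ip, int pin)
{
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0), on = 1;
    struct sockaddr_in any = { .sin_family = AF_INET }, lo = any, peer, from;
    socklen_t alen = sizeof any, flen = sizeof from;
    struct timeval tmo = { .tv_sec = 1 }; /* never block forever on a lost datagram */
    _Alignas(struct cmsghdr) char buf[64], ctl[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct iovec iov = { buf, sizeof buf };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = ctl, .msg_controllen = sizeof ctl };
    struct in_pktinfo pi, out = { 0 };
    in_addr_t seen = 0;
    ssize_t n;
    lo.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tmo, sizeof tmo);
    setsockopt(cli, SOL_SOCKET, SO_RCVTIMEO, &tmo, sizeof tmo);
    if (bind(srv, (struct sockaddr *)&any, sizeof any) || bind(cli, (struct sockaddr *)&lo, sizeof lo)
        || getsockname(srv, (struct sockaddr *)&any, &alen) /* learn the kernel-chosen port */
        || setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on)) goto done;
    any.sin_addr.s_addr = inet_addr(dst_ip);
    if (sendto(cli, "ping", 4, 0, (struct sockaddr *)&any, sizeof any) != 4) goto done;
    if ((n = recvmsg(srv, &m, 0)) < 0) goto done; /* server side starts here */
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&m); c; c = CMSG_NXTHDR(&m, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            out.ipi_spec_dst = pi.ipi_addr; /* address the request was sent to */
        }
    iov.iov_len = (size_t)n; /* echo the request back */
    m.msg_controllen = pin ? sizeof ctl : 0; /* 0: the kernel picks the source */
    if (pin) {
        struct cmsghdr *c = CMSG_FIRSTHDR(&m);
        c->cmsg_level = IPPROTO_IP; c->cmsg_type = IP_PKTINFO; c->cmsg_len = CMSG_LEN(sizeof out);
        memcpy(CMSG_DATA(c), &out, sizeof out);
    }
    if (sendmsg(srv, &m, 0) == n && recvfrom(cli, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen) > 0)
        seen = from.sin_addr.s_addr;
done:
    close(srv); close(cli);
    return seen;
}
```

Calling reply_source("127.0.0.2", 0) shows the mismatch described in the thread (the reply arrives from 127.0.0.1), while reply_source("127.0.0.2", 1) returns 127.0.0.2.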
</body>
</html>