[Asterisk-Users] asterisk behind NAT
Patrick Cantwell
pat at insomnia.org
Thu Dec 18 21:18:07 MST 2003
I know this issue has been covered with at least 2 different patches, and
probably a dozen different discussions, however I'm a bit unclear as to what
my options are.
I have a DSL line coming in with 8 IP addresses going to an OpenBSD firewall
doing 1:1 NAT for machines behind the firewall. My asterisk box is one of
these machines, and I'd like to allow foreign SIP clients
(softphones/hardware phones) to register to my Asterisk box -WITHOUT-
breaking internal connectivity.
A brief example of my setup works like this:
asterisk box -------------> openbsd firewall ---------------> internet
(192.168.250.7) |
----------------------
--> other internal networks (192.168.0.0/16)
The OpenBSD firewall provides a 1:1 NAT mapping for the asterisk box to
216.254.114.221 so ports/port forwarding is a non issue.
I also have several other internal subnets hanging off of the OpenBSD
firewall, all using 192.168.0.0/16 address space, and I do have some
hardware/software clients running internally.
I've also noticed that in newer CVS versions, there are provisions for
'externip', but nothing for internal net/netmask, so I suspect this will
break my internal clients.
My question is, first off, do I need to apply a patch, and if so, which one?
Second, once I apply said patch, what options do I need to supply in
sip.conf?
I could also run something on the openbsd firewall (maybe a SIP proxy?),
I've seen references to 'STUN' but haven't found enough info on it to know
if it will help me.
Thanks,
Pat
More information about the asterisk-users
mailing list