[Asterisk-Users] asterisk behind NAT

Brian West brian at bkw.org
Thu Dec 18 21:27:15 MST 2003


bug 104 on bugs.digium.com take a look at it.  Also your setup is EVIL

bkw

On Thu, 18 Dec 2003, Patrick Cantwell wrote:

> I know this issue has been covered with at least 2 different patches, and
> probably a dozen different discussions, however I'm a bit unclear as to what
> my options are.
>
> I have a DSL line coming in with 8 IP addresses going to an OpenBSD firewall
> doing 1:1 NAT for machines behind the firewall.  My asterisk box is one of
> these machines, and I'd like to allow foreign SIP clients
> (softphones/hardware phones) to register to my Asterisk box -WITHOUT-
> breaking internal connectivity.
>
> A brief example of my setup works like this:
>
> asterisk box -------------> openbsd firewall ---------------> internet
> (192.168.250.7)                            |
>                                                       ----------------------
> --> other internal networks  (192.168.0.0/16)
>
> The OpenBSD firewall provides a 1:1 NAT mapping for the asterisk box to
> 216.254.114.221 so ports/port forwarding is a non issue.
>
> I also have several other internal subnets hanging off of the OpenBSD
> firewall, all using 192.168.0.0/16 address space, and I do have some
> hardware/software clients running internally.
>
> I've also noticed that in newer CVS versions, there are provisions for
> 'externip', but nothing for internal net/netmask, so I suspect this will
> break my internal clients.
>
> My question is, first off, do I need to apply a patch, and if so, which one?
> Second, once I apply said patch, what options do I need to supply in
> sip.conf?
>
> I could also run something on the openbsd firewall (maybe a SIP proxy?),
> I've seen references to 'STUN' but haven't found enough info on it to know
> if it will help me.
>
> Thanks,
> Pat
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
>



More information about the asterisk-users mailing list