[Asterisk-Users] Asterisk behind LinkSys NAT Routing
Robert L Mathews
lists at tigertech.com
Mon Nov 3 19:05:21 MST 2003
At 11/3/03 2:41 PM, Martin Pycko <martinp at digium.com> wrote:
>It's not for phones, it's for asterisk behind a NAT.
My apologies; I'm not making my question clear.
I realize this option is for Asterisk behind a NAT, but of course
Asterisk uses this parameter to talk to SIP clients (which I referred to,
perhaps too specifically, as "phones"), and that's what I meant.
In other words, Asterisk might be talking to SIP phones on either side of
the NAT. A given SIP phone acting as an extension may be on the same
private network as Asterisk, or it may be on the other side of the NAT
(out on the public Internet, possibly even behind its own NAT on the
other end).
Imagine I have both Asterisk and a SIP phone on my local office network
using private IP addresses, and I also have a second SIP phone that is in
another location, at someone's home office on the public Internet.
The "externip=a.b.c.d" doesn't help in this situation, because it forces
Asterisk to use the external IP address in all cases, which breaks the
functionality for local phones. That is, the new option presumably makes
it possible to have *all* your SIP phones on the other side of the NAT
from Asterisk, but you can't some phones on both sides. (Indeed, I just
tried it, and using "externip=something" prevents SIP phones on the same
private network as Asterisk from working.)
In Bug ID 0000104, a patch was suggested that takes the netmask into
effect and makes the right decision for phones on either side of the NAT.
However, the code that was added for "externip" in the current CVS isn't
that patch; it's just a way of giving me a choice of having SIP phones on
the outside of the NAT working, or having SIP phones on the inside of the
NAT working, but not both at the same time.
I guess I'm curious why the hard-coded global option was used, because it
doesn't really solve the problem in the general case. The whole trouble
with NAT is that Asterisk may need to use a different IP address
depending on the IP address of the SIP client it's communicating with,
and that address needs to be determined on the fly. In a perfect word,
this would all be handled by magic so it required no configuration (e.g.,
STUN), but the patch in 0000104 would at least allow phones on both sides
of the NAT to work with a small amount of configuration, which isn't
possible now with the CVS code.
Thanks again for the hard work you're putting in to Asterisk!
--
Robert L Mathews, Tiger Technologies http://www.tigertech.net/
More information about the asterisk-users
mailing list