[Asterisk-Users] Re: very OT - basic newbie networking

Stewart Nelson sn at scgroup.com
Fri Dec 10 00:58:10 MST 2004


> However, even though I've added the 192.168.6.10 as the gw
> for the 192.168.6.xx network, the phones cannot access
> the 192.168.5.xx network (or the internet).

Well, if you can open a TCP connection from 192.168.5.xx to
192.168.6.xx, then routing in the reverse direction must be
working.  If you can't connect from 192.168.6.xx back to
192.168.5.xx, two things come to mind:

Your * box might be acting as a NAT (aka IP masquerading)
router, rather than a normal router.  When you connect from
a host on 192.168.5.xx to a phone, verify that the source
IP seen by the phone is 192.168.5.xx .  You can do this
with debug features in the phone, by running Ethereal on *
on the 192.168.6.10 interface, or with an external monitor.
If you see 192.168.6.10 as the source address, then you
are running NAT and need to disable it.

The connection might be blocked by a software firewall on
the destination host, e.g. Windows Firewall, on by default
in XP SP2.  Note that a service enabled with Local Subnet
scope won't be accessible from the phones.

If it's neither of the above, you'll just have to debug it.
Run Ethereal on the 192.168.5.10 interface, and check for
SYN packets going out and responses coming in.

Accessing the Internet from the phones is another story.
First, do you need it?  If you are coming into * in SIP
and going out to a provider or another * in IAX, * will
have to proxy the call anyhow, so Internet access is not
required.  If both sides are SIP, and you want to get
the performance benefits of reinvite, then you can
try to get it working.  Your firewall needs to have a
static route for 192.168.6.0/24 with gw 192.168.5.10 ,
and it also must know to perform NAT on packets coming in
from 192.168.6.xx .  Some routers will do this automatically,
some need a configuration setting, and with others you're
out of luck.  In the latter case, you could tell the
router that the LAN subnet is 192.168.4.0/22, and set up
* to do proxy ARP.  Once you have NAT and the static route
configured, you should be able to plug a PC into the
192.168.6.xx net and browse the Web.  But whether you can
make phone calls through this system is a complex issue.
NAT traversal for SIP is often problematic, and many on
this list have had to set canreinvite=no.

Regards,

Stewart




More information about the asterisk-users mailing list