[Asterisk-Users] Re: very OT - basic newbie networking

Asterisk asterisk at dotr.com
Fri Dec 10 01:16:59 MST 2004 

thanks for the great reply ! See below for my comments:

Stewart Nelson wrote:
>>However, even though I've added the 192.168.6.10 as the gw
>>for the 192.168.6.xx network, the phones cannot access
>>the 192.168.5.xx network (or the internet).
> 
> 
> Well, if you can open a TCP connection from 192.168.5.xx to
> 192.168.6.xx, then routing in the reverse direction must be
> working.  If you can't connect from 192.168.6.xx back to
> 192.168.5.xx, two things come to mind:
> 
> Your * box might be acting as a NAT (aka IP masquerading)
> router, rather than a normal router.  When you connect from
> a host on 192.168.5.xx to a phone, verify that the source
> IP seen by the phone is 192.168.5.xx .  You can do this
> with debug features in the phone, by running Ethereal on *
> on the 192.168.6.10 interface, or with an external monitor.
> If you see 192.168.6.10 as the source address, then you
> are running NAT and need to disable it.

I will look into this. Is NAT enabled by default on Fedora core 1 
(latest patches) ?

> 
> The connection might be blocked by a software firewall on
> the destination host, e.g. Windows Firewall, on by default
> in XP SP2.  Note that a service enabled with Local Subnet
> scope won't be accessible from the phones.

The target machines can be pinged from the * box, but not the phones.

> 
> If it's neither of the above, you'll just have to debug it.
> Run Ethereal on the 192.168.5.10 interface, and check for
> SYN packets going out and responses coming in.
> 

Will do.

> Accessing the Internet from the phones is another story.
> First, do you need it?  If you are coming into * in SIP

I was trying to be simplistic - we do have other machines / switches on 
that network that would benefit from being able to download firmware 
upgrades etc.

> and going out to a provider or another * in IAX, * will
> have to proxy the call anyhow, so Internet access is not
> required.  If both sides are SIP, and you want to get
> the performance benefits of reinvite, then you can
> try to get it working.  Your firewall needs to have a
> static route for 192.168.6.0/24 with gw 192.168.5.10 ,
> and it also must know to perform NAT on packets coming in
> from 192.168.6.xx .  Some routers will do this automatically,
> some need a configuration setting, and with others you're
> out of luck.  In the latter case, you could tell the
> router that the LAN subnet is 192.168.4.0/22, and set up
> * to do proxy ARP.  Once you have NAT and the static route
> configured, you should be able to plug a PC into the
> 192.168.6.xx net and browse the Web.  But whether you can
> make phone calls through this system is a complex issue.
> NAT traversal for SIP is often problematic, and many on
> this list have had to set canreinvite=no.
> 
> Regards,
> 
> Stewart

Many thanks for the help.

> 
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> 
>

More information about the asterisk-users mailing list