[Asterisk-Users] How do you handle NAT?

hank hanksmith5 at gmail.com
Tue Jun 28 15:46:29 MST 2005 

I think my problem is numbrer 3 cause basicly my friend who is not on my 
router is trying to get connected to me but can't and I am the 1 that is 
behind a nat.
thanks
hank
----- Original Message ----- 
From: "Sebastian Silva" <ssilva at gaussar.com>
To: "Asterisk Users Mailing List - Non-Commercial Discussion" 
<asterisk-users at lists.digium.com>
Sent: Tuesday, June 28, 2005 12:45 PM
Subject: Re: [Asterisk-Users] How do you handle NAT?


> Hi everyone.
>
> 1.  Asterisk as a SIP client behind nat, connecting to outside SIP 
> Proxies:
> #1 works with a NAT-supporting proxy as SIP Express router as the outside 
> proxy. (Get an account at IPtel.org and try!). Fails with Free World 
> Dialup.
>
> 2. Asterisk as a SIP client behind nat, connecting to inside SIP proxies:
> #2 Works- no NAT in between
>
> 3. Asterisk as a SIP server behind nat, clients on the outside connecting 
> to Asterisk:
> #3 Works with port forwarding and some header mangling magic
>
> 4. Asterisk as a SIP server behind nat, clients on the inside connecting 
> to Asterisk:
> #4 Works - no NAT in between
>
> 5. Asterisk as a SIP client outside nat, connecting to outside SIP 
> proxies:
> #5 is no problem. No NAT in the middle
>
> 6. Asterisk as a SIP client outside nat, connecting to inside SIP proxies:
> #6 is a problem if no port forwarding is done, similar to 3 above.
>
> 7. Asterisk as a SIP server outside nat, clients on the outside connecting 
> to Asterisk:
> #7 is no problem. No NAT in the middle
>
> 8. Asterisk as a SIP server outside nat, clients on the inside connecting 
> to Asterisk:
> #8 is solved with nat=yes and qualify=xxx in sip.conf for the client in 
> most cases. Some clients (X-lite) assist themselves by using STUN and 
> sending UDP keep-alive packets. Qualify sends keep-alive packets from 
> Asterisk to the client on the inside.
>
> from wiki
>
> Now, if you net to define a NAT, you have to set asterisk to 
> "canreinvite=no", "qualify=yes" and "nat=1".
>
> Also, INSTEAD of NAT, you can use a STUN server. To use a STUN server you 
> should set asterisk to "canreinvite=no", "qualify=no" and "nat=0" (the 
> STUN configuration is in your agents).
>
> Sebas
>
> hank wrote:
>> how easy is it to set up a stun server? with asterisk amd will this fix 
>> part of the nat problem?
>> ----- Original Message ----- From: "Ray Van Dolson" 
>> <rayvd at digitalpath.net>
>> To: "Asterisk Users Mailing List - Non-Commercial Discussion" 
>> <asterisk-users at lists.digium.com>
>> Sent: Tuesday, June 28, 2005 8:14 AM
>> Subject: Re: [Asterisk-Users] How do you handle NAT?
>>
>>
>>> We've been feeling our way along with the NAT stuff (using SIP) as well.
>>>
>>> At this point we are fairly small, so the keep-alive packets are not too 
>>> bad.
>>> What type of user load are you at and what are the specs on your 
>>> Asterisk box?
>>> I'm concerned we may run into this as well.
>>>
>>> We do have the luxury that each Sipura device we use is sitting behind 
>>> its own
>>> NAT (a customer CPE).  So we can do port-forwarding and in combination 
>>> with a
>>> STUN server (MyStun), things work quite well.  The only issues left to 
>>> deal
>>> with are a lingering problem with ip_conntrack entries staying cached 
>>> because
>>> of the "keep alive" packets due to qualify=yes after the CPE's IP 
>>> address
>>> changes.
>>>
>>> Curious to hear other's setups as well.  I would *love* to start using 
>>> the
>>> IAXy instead, but it has a couple shortcomings over the Sipura 2002's 
>>> we're
>>> using now:
>>>
>>> - About $10/more
>>> - Only has one line (apparently two lines is a bit more of a selling 
>>> point).
>>>
>>> Still trying to figure out a good way to make a case for the IAXy 
>>> though.
>>>
>>> Ray
>>>
>>> On Tue, Jun 28, 2005 at 09:59:49AM -0500, Matthew Boehm wrote:
>>>
>>>> We are interested in how other people are handling NAT problems. We 
>>>> have
>>>> several customers all of which have some sort of firewall/NAT device at
>>>> their location. For simplicity sake, all customers' internal networks
>>>> are 192.168.*.*.
>>>>
>>>> Our asterisk box is on public IP not blocked by any FW/NAT.
>>>>
>>>> I use QUALIFY=yes on all our customers' phones and I feel that sending
>>>> out 80-something keep-alive packets is causing our box to crawl and
>>>> cause bad calls.
>>>>
>>>> Would SER be better in this case? Should I have phones register with 
>>>> SER
>>>> instead of with Asterisk?
>>>>
>>>> Thanks,
>>>> Matthew
>>>>
>>>> P.S. Yes, I have read stuff on NAT on the wiki. I'm more interested in
>>>> other real world, working, solutions.
>>>
>>> _______________________________________________
>>> Asterisk-Users mailing list
>>> Asterisk-Users at lists.digium.com
>>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>> To UNSUBSCRIBE or update options visit:
>>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>>
>> _______________________________________________
>> Asterisk-Users mailing list
>> Asterisk-Users at lists.digium.com
>> http://lists.digium.com/mailman/listinfo/asterisk-users
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
> -- 
> Sebastian Silva
> G R U P O  G A U S S
> Depto. Sistemas
> Av. Libertador 6250 4 piso
> Tl.: 4 706-2222 (int. 121)
> ssilva at gaussar.com
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users

More information about the asterisk-users mailing list