[Asterisk-Users] Asterisk, SER, NAT, STUN and the whole debate
Paul Fielding
paul at fielding.ca
Tue Mar 29 07:26:47 MST 2005
Basically, I'm forwarding the standard Asterisk ports:
tcp 5060
udp 5060
udp 4569
udp 5036
tcp 5038
udp 5038
udp 10000:20000
I'm not sure that i needed both tcp and udp on the mgmt port 5038, but what
the heck. :)
In sip.conf:
externip = xx.xx.xx.xx
localnet=192.168.1.0
In the sip client contexts they *all* have:
nat=yes
canreinvite=no
This is so that they can be hopped both in and out of NATs without
reconfiging.
No special ports being forwarded for the clients. They seem to work behind
whatever NATs we throw at them without difficulties...
later,
Paul
----- Original Message -----
From: "Anton Krall" <akrall-lists at intruder.com.mx>
To: "'Asterisk Users Mailing List - Non-Commercial Discussion'"
<asterisk-users at lists.digium.com>
Sent: Tuesday, March 29, 2005 5:28 AM
Subject: RE: [Asterisk-Users] Asterisk, SER, NAT, STUN and the whole debate
> Thank you for your story Paul, nice work with the dialplans!
>
> I have one question, so you say that for server 2, asterisk is behind nat
> and you have sip clients inside and outside the nat. Which ports are you
> forwarding to asterisk from your firewall and in the case of sip clients
> outside nat, did you have to open certain ports for each client or all
> clients use the same?
>
> For inside clients it should be a charm!
>
> Very nice job Paul, intercity dialing and everything well connected...
> That
> was a good story.. Thx for sharing.
>
> Anton
>
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Paul
> Fielding
> Sent: Martes, 29 de Marzo de 2005 12:52 a.m.
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: Re: [Asterisk-Users] Asterisk, SER, NAT, STUN and the whole
> debate
>
> ----- Original Message -----
> From: "Anton Krall" <akrall-lists at intruder.com.mx>
>> would like to hear some actual setups and how people are solving the
>> nat issue within scenarios like:
>>
>> Asterisk - nat (ports forwarded) - internet - nat - multiple voup
>> phones
>
>
> I've been playing with this with my friends for awhile now. We've got
> four
> different Asterisk servers set up in four different cities:
>
> 1. 2 nics - one on internal network, other on external network. TDM400
> card
> with 2 FXO and 1 FXS, 2 different analog lines, and a LiveVoip IAX2
> dialout.
>
> Various SIP phones connected, both from within the internal network and
> out
> on the internet from behind other NATs.
>
> 2. 1 nic - behind NAT (ports forwarded). X100p with 1 analog line.
> Various
> SIP phones, internal network and from behind other NATs.
>
> 3 & 4. Like #2 but no X100p.
>
> All four servers are connected via IAX2 - in all cases we can dial
> extensions for each other's systems and the call gets dumped to the
> correct
> server. Also between server 1 & 2 we have local inter-city dialing
> working
> (if you dial an outside number that is local to the other city and don't
> put
> a 1 in front of the number it dumps to the other server and dials out).
>
> NAT hasn't proven to be a problem for us - the only thing we can't do as a
> result of all the SIP clients being natted is Reinvites - this just means
> that all conversation *must* go through the server as opposed to direct
> client-client transfer.
>
> Servers that are behind nats have the correct IP settings set in SIP.CONF.
> As long as I set the STUN server on the sip clients to a good working STUN
> server everything works like a hot damn. Nothing special....
>
> regards,
>
> Paul
>
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
More information about the asterisk-users
mailing list