[Asterisk-Users] NAT'd SIP extension, no audio
rristroph at airlinksystems.com
rristroph at airlinksystems.com
Thu Nov 10 08:53:05 MST 2005
Hi folks,
I have an asterisk server behind a NAT'd gateway that is using iptables. Internally, I have no problems connecting to asterisk. I would like to be able to use a sip softphone from outside the gateway, and become an extension on my asterisk PBX.
I have a laptop running X-Lite. When I connect it internally, the extension works fine. When I got outside my gateway, to another network on the internet (that is itself NAT'd behind a Belkin wiresless router), and I also change the sip extension in the asterisk dialplan to have nat=yes, then I hear no voice. Note that I can dial, and call will be connected; for example, if I dial into voicemail, I can enter my password and see in the asterisk logs that it went into the voice mail app. However I hear silence. If I dial the extension, it rings until it is picked up, and after that there is silence.
Here are the iptables commands in my current setup (that don't have audio):
$iptables -A FORWARD -i eth0 -p udp --dport 5060:5080 -j ACCEPT
$iptables -t nat -A PREROUTING -i eth0 -p udp -d x.x.x.x --dport 5060:5080 -j DNAT --to-destination 192.168.1.40:5060:5080
$iptables -A FORWARD -i eth0 -p tcp --dport 5060:5080 -j ACCEPT
$iptables -t nat -A PREROUTING -i eth0 -p tcp -d x.x.x.x --dport 5060:5080 -j DNAT --to-destination 192.168.1.40:5060:5080
$iptables -A FORWARD -i eth0 -p udp --dport 8000:20000 -j ACCEPT
$iptables -t nat -A PREROUTING -i eth0 -p udp -d x.x.x.x --dport 8000:20000 -j DNAT --to-destination 192.168.1.40:8000:20000
$iptables -A FORWARD -i eth0 -p tcp --dport 8000:20000 -j ACCEPT
$iptables -t nat -A PREROUTING -i eth0 -p tcp -d x.x.x.x --dport 8000:20000 -j DNAT --to-destination 192.168.1.40:8000:20000
192.168.1.40 is the address of my Asterisk server. x.x.x.x is my external IP address. I got these commands by copying commands I have successfully used to forward the ports used for VNC, and because I saw stuff on the internet that said I needed to hand the RTP ports as well as SIP. I have both UDB and TCP in there because I some people have told me UDP only was needed and others told me TCP was needed.
Here is the section in sip_additional.conf that defines the extension:
[908]
username=908
type=friend
secret=XXXX
record_out=Always
record_in=Always
;qualify=no
qualify=150
port=5060
nat=yes ; for external extension only
mailbox=908 at default
host=dynamic
dtmfmode=rfc2833
context=from-internal
canreinvite=no
callgroup=1
pickupgroup=1
I added these lines to sip.conf:
#added for external extensions
externip=x.x.x.x
localnet=192.168.1.0/255.255.255.0
Here is my rtp.conf:
;
; RTP Configuration
;
[general]
;
; RTP start and RTP end configure start and end addresses
;
rtpstart=10000
rtpend=20000
Why doesn't this work, and what can I do to fix it ? Should I post the logs of the X-Lite debug log and asterisk full log ? If I did a tcpdump on the NAT gateway while a call was attempted, would that help ?
--Rob
P.S. A copy of this post is at http://pastebin.ca/28236, from when I asked this on IRC
More information about the asterisk-users
mailing list