[asterisk-users] Asterisk/iaxclient IAX2 source port

Tue Dec 18 16:15:56 CST 2007

On 13:52, Tue 18 Dec 07, Chris Tracy wrote:
> All,
>  	Below is the reason for my asking, for the curious:
> 
>  	Currently, asterisk uses port 4569 as both the source and 
> destination port for all its outbound connections.  This is generally 
> fine, but I find myself in a very frustrating NAT issue as a result of 
> iaxclient also defaulting to using 4569 for both source and destination 
> ports.  We run several sites around the world, all using ENUM to place 
> calls between sites.  Thus, none of the sites register with each other. 
> Thus, until a call is made, there is no connection between site A and site 
> B, and thus no NAT entries in the router at site B for site A.
> 
>  	Normally, this is fine.  A call is placed from A to B and the 
> packets come into the router at B and get NATed properly:
> 
> A.ext:4569 - B.ext:4569 -> A.ext:4569 - B.int.asterisk:4569
> 
>  	The trouble though, comes when someone who normally works at site 
> A vists site B, but has their IAX softphone (zoiper) set to register back 
> to site A.  By default, this softphone, like asterisk, uses 4569 for both 
> the source and destination port.  Thus, if there is no call between site A 
> and site B and a softphone registers back to site A, a NAT mapping gets 
> created that looks like:
> 
> A.ext:4569 - B.ext:4569 -> A.ext:4569 - B.int.softphone:4569
> 
>  	Now, for the life of this NAT entry, if someone at site A dials 
> site B, their call will be routed to the "lucky" softphone that got this 
> entry, and not to the asterisk server at site B.  Of course, calls out 
> from site B to site A still work properly, since the NAT device just 
> changes the port number on the fly since 4569 already has a mapping:
> 
> B.int.asterisk:4569 - A.ext:4569 -> B.ext:65535 - A.ext:4569
> 
>  	There are three options I see that would fix this:
> 
> 1. Prevent the linux router at site B from giving the 4569/4569 conntrack 
> entry to a softphone.  Would be great, but as far as I can tell, there's 
> no way to do this using a standard distribution kernel.  (Hopefully I'm 
> wrong, but my research hasn't turned up anything at all useful in this 
> regard)
> 
> 2. Reconfigure all softphones to use a port other than 4569 as their 
> source port.  In theory this is possible, but a huge pain to find/change 
> every existing softphone, as well as to ensure that people don't 
> accidentally end up with the default config in the future causing the 
> same problem.
> 
> 3. Reconfigure asterisk to use a port other than 4569 for its source port 
> on outbound connections.  The number of asterisk servers relative to 
> softphones is small, and the asterisk servers are configured/controlled by 
> admins, not end users.  Thus we could have some guarantee that this 
> solution couldn't be circumvented.

Why not let the softphones register to the closest asterisk
box and use dundi to route the calls to the box where the
softphone is registered ?

We use this in a couple of setups with great success.
Not with softphones, but with philips dect phones.
-- 

Michiel van Baak
michiel at vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD

"Why is it drug addicts and computer afficionados are both called users?"