[asterisk-users] IAX2 peer unreachable in one direction - NAT problem?

Seb Auriol sebau at syntec.co.uk
Mon May 14 11:38:33 MST 2007 

The situation is one of my asterisk servers is behind a NAT firewall and one
is not. Both servers have multiple IAX peers. The NAT firewall has port 4569
mapped through to the asterisk server behind. But, the natted server is
almost permanently unreachable from this non-natted server, even though, the
non-natted server is almost permanently _reachable_ from the natted server.
Details are below with iax2 debug and core debug 3. I actually have an
Asterisk 1.2 and an Asterisk 1.4 server in the non-natted role, and both
have the same issue. However, I have another non-natted server (on a
different ISP) that can talk fine to the natted server.

(IP addresses replaced with names.)

myNonNattedServer*CLI> iax2 show peers
Name/Username    Host                 Mask             Port          Status

myNattedServUN   myNattedServer  (S)  255.255.255.255  4569 (T)
UNREACHABLE

[May 14 19:06:05] DEBUG[5549]: chan_iax2.c:1154 update_max_nontrunk: New max
nontrunk callno is 7
[May 14 19:06:05] DEBUG[5549]: chan_iax2.c:1252 find_callno: Creating new
call structure 6
[May 14 19:06:05] DEBUG[5551]: chan_iax2.c:1644 send_packet: Sending 12 on
6/0 to myNattedServer:4569
Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass: POKE

   Timestamp: 00012ms  SCall: 00006  DCall: 00000 [myNattedServer:4569]
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX     Subclass: PONG

   Timestamp: 00012ms  SCall: 00005  DCall: 00006 [myNattedServer:37657]
Tx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass: INVAL

   Timestamp: 00000ms  SCall: 00006  DCall: 00005 [myNattedServer:37657]
[May 14 19:06:05] DEBUG[5546]: chan_iax2.c:4788 raw_hangup: Raw Hangup
myNattedServer:37657, src=6, dst=5
[May 14 19:06:06] DEBUG[5540]: chan_iax2.c:1644 send_packet: Sending 12 on
6/0 to myNattedServer:4569
Tx-Frame Retry[001] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass: POKE

   Timestamp: 00012ms  SCall: 00006  DCall: 00000 [myNattedServer:4569]
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX     Subclass: PONG

   Timestamp: 00012ms  SCall: 00006  DCall: 00006 [myNattedServer:37657]
Tx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass: INVAL

   Timestamp: 00000ms  SCall: 00006  DCall: 00006 [myNattedServer:37657]
[May 14 19:06:06] DEBUG[5542]: chan_iax2.c:4788 raw_hangup: Raw Hangup
myNattedServer:37657, src=6, dst=6

myNattedServer*CLI> iax2 show peers
Name/Username    Host                 Mask             Port          Status
myNonNattedSeUN  myNonNattedServ (S)  255.255.255.255  4569 (T)      OK (14
ms)

Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass: POKE
   Timestamp: 00016ms  SCall: 00010  DCall: 00000 [myNonNattedServ:4569]
May 14 18:08:45 DEBUG[1196]: chan_iax2.c:1007 update_max_nontrunk: New max
nontrunk callno is 12
May 14 18:08:45 DEBUG[1196]: chan_iax2.c:1112 find_callno: Creating new call
structure 11
May 14 18:08:45 DEBUG[1196]: chan_iax2.c:6654 socket_read: Received packet
0, (6, 30)
May 14 18:08:45 DEBUG[1196]: chan_iax2.c:6848 socket_read: IAX subclass 30
received
May 14 18:08:45 DEBUG[1196]: chan_iax2.c:6857 socket_read: For call=11, set
last=16
May 14 18:08:45 DEBUG[1196]: chan_iax2.c:1515 send_packet: Sending 16 on
11/10 to myNonNattedServ:4569
Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX     Subclass: PONG
   Timestamp: 00016ms  SCall: 00011  DCall: 00010 [myNonNattedServ:4569]
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass: INVAL
   Timestamp: 00000ms  SCall: 00010  DCall: 00011 [myNonNattedServ:4569]
May 14 18:08:45 DEBUG[1196]: chan_iax2.c:6654 socket_read: Received packet
0, (6, 10)
May 14 18:08:45 DEBUG[1196]: chan_iax2.c:6848 socket_read: IAX subclass 10
received
May 14 18:08:45 DEBUG[1196]: chan_iax2.c:7510 socket_read: Immediately
destroying 11, having received INVAL
May 14 18:08:45 DEBUG[1196]: chan_iax2.c:7513 socket_read: Destroying call
11

Also when calls are placed to myNonNattedServer from myNattedServer (which
does work), the channel name is IAX2/myNattedServer:37657-callno, as opposed
to IAX2/myNattedServUserName-53.

(BTW, if I turn off qualify on myNonNattedServer, I can still not make calls
from myNonNattedServer to myNattedServer.)

Any idea what is wrong? This used to work fine (possibly when myNattedServer
was only trying to talk to one asterisk server through the NAT - now it has
3, only one of which is working properly).

Many thanks,

Sebastian

More information about the asterisk-users mailing list