Asterisk with nat and remote sips behind nat


I have spent days trying to solve my problem with SIP and Asterisk. Local users on the same network are OK, but remote users behind various broadband routers can connect and dial but get no voice.
All people use the eyeBeam SIP softphone.

Tried so many Google guides, I'm now quite stuck.


  1. Asterisk 1.2.1 box with sip phones. rtp set to 10000-10500 udp
  2. Broadband Gateway server / Modem using linux NAT + iptables firewall
    Forwards 5060 + 10000-10500 UDP from public IP to Asterisk box.

4 . Internet

  1. Broadband Router Uses Nat (Remote user)
  2. Remote user lan with sip softphone.

(Asterisk box connects to normal BT phone lines via TDM400P. No probs with this.)

Local LAN users on the same LAN as Asterisk all work OK.
Just the remote ones behind their own NAT routers.

I cannot put the server in a DMZ zone. What alternatives are there?
Cannot really change to IAX as the eyeBeam softphone supports PC + Mac + Linux and video, and I have not seen an IAX softphone which supports all of this.



bindaddr =
localnet =
externip=xx,xx,xx,xx (our public ip)



exten => 1000,1,Voicemailmain()
exten => 1000,2,HangUp()

(voice mail) Dial it and you should hear voicemail menu

You also need to add 5061 and sometimes 5000.

Also NAT is not your best friend. I have had problems in the past. Try to use pass thru. Also you need to configure your public IP in sip.conf

nat=yes ; Tells system that you are using NAT
canreinvite=no ; Allow clients to directly connect if set to yes. Set to no if behind NAT.

Thanks for the thing about port 5061. I will try that tonight from home.

On the passthru, what do you mean?

Our Linux firewall box has rules on iptables NAT Prerouting part to

Destination NAT If protocol is UDP and destination is publicIP and input interface is ppp0 and destination port is 5060:5061

Destination NAT If protocol is UDP and destination is PublicIP and input interface is ppp0 and destination port is 10000:10500


What is in your /etc/asterisk/rtp.conf? Also, what are the configurations at the endpoints/users locations?



The users on the same LAN just use eyeBeam and set the SIP server to the Asterisk box. Dial out is through a TDM400 card.

Users at home on a broadband connection: eyeBeam SIP points to our public IP address.

All users have sip listen port set to 5060.

Do your users have their RTP ports open on their broadband networks as well? Have you considered using a STUN server?

Yes, the RTP ports 10000-10500 UDP are port forwarded on the firewall to the Asterisk box and also all PCs at work have access to ports 10000-10500.

My router I use at home does not block any outgoing or incoming ports, as I have even turned the firewall off to test it.

If I use a STUN server, do I need to modify any Asterisk config, and do the remote eyeBeams need to point to it, or every SIP phone we use no matter where it is?



Just tried it and I now have remote SIP clients behind NAT connecting to our Asterisk server which is behind NAT OK!!

I think my problem is caused by some old ADSL routers and their built-in firewall.

Thanks for your tips.
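
An added example, not part of the original thread: a small Python check that compares the `[general]` settings discussed above (externip, localnet, nat, canreinvite in sip.conf, and the port range in rtp.conf) with the UDP ranges the gateway forwards (5060:5061 and 10000:10500, as described in the posts). The file contents and the 203.0.113.10 address are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample files, not taken from the thread. 203.0.113.10 is a
# documentation address standing in for the public IP.
SIP_CONF = """[general]
bindport=5060
externip=203.0.113.10
localnet=192.168.1.0/255.255.255.0
nat=yes          ; only [general] is checked; peers can override this
canreinvite=no
"""
RTP_CONF = """[general]
rtpstart=10000
rtpend=20000     ; wider than the 10000:10500 forwarded on the gateway
"""

def parse_general(text):
    """Return the [general] options of an Asterisk config, minus ';' comments."""
    section, opts = None, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).lower()
        elif section == "general" and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip()
    return opts

def check_nat(sip_text, rtp_text, fwd_sip=(5060, 5061), fwd_rtp=(10000, 10500)):
    """List mismatches between Asterisk's settings and the gateway's UDP forwards."""
    sip, rtp = parse_general(sip_text), parse_general(rtp_text)
    problems = [f"sip.conf: {k} is not set" for k in ("externip", "localnet") if not sip.get(k)]
    for key, want in (("nat", "yes"), ("canreinvite", "no")):
        if sip.get(key, "").lower() != want:
            problems.append(f"sip.conf: {key} is not '{want}'")
    port = int(sip.get("bindport", 5060))
    if not fwd_sip[0] <= port <= fwd_sip[1]:
        problems.append(f"sip.conf: bindport {port} is not forwarded")
    if "rtpstart" not in rtp or "rtpend" not in rtp:
        problems.append("rtp.conf: rtpstart/rtpend not set")
    else:
        start, end = int(rtp["rtpstart"]), int(rtp["rtpend"])
        if start < fwd_rtp[0] or end > fwd_rtp[1]:
            problems.append(f"rtp.conf: RTP {start}-{end} is outside forwarded {fwd_rtp[0]}-{fwd_rtp[1]}")
    return problems

if __name__ == "__main__":
    for problem in check_nat(SIP_CONF, RTP_CONF):
        print(problem)
```

With the sample input it reports the RTP range mismatch: Asterisk may pick a media port above 10500 that the gateway never forwards, which shows up as a call that connects but carries no audio.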