How to configure Asterisk behind NAT? Registration failed

Dear All,

I am trying to run Asterisk behind a NAT firewall, but it does not work. I mean registration fails for outside users. What have I missed in my configs below?

localhost*CLI> core show version
Asterisk 11.13.1 built by root @ on a i686 running Linux on 2014-10-20 17:22:50 UTC

My SIP settings are as follows:

localhost*CLI> sip show settings

Global Settings:

UDP Bindaddress:
TCP SIP Bindaddress: Disabled
TLS SIP Bindaddress: Disabled
Videosupport: No
Textsupport: No
Ignore SDP sess. ver.: No
AutoCreate Peer: Off
Match Auth Username: No
Allow unknown access: Yes
Allow subscriptions: Yes
Allow overlap dialing: Yes
Allow promisc. redir: No
Enable call counters: No
SIP domain support: No
Realm. auth: No
Our auth realm asterisk
Use domains as realms: No
Call to non-local dom.: Yes
URI user is phone no: No
Always auth rejects: Yes
Direct RTP setup: No
User Agent: FPBX-12.0.3(11.13.1)
SDP Session Name: Asterisk PBX 11.13.1
SDP Owner Name: root
Reg. context: (not set)
Regexten on Qualify: No
Trust RPID: No
Send RPID: No
Legacy userfield parse: No
Send Diversion: Yes
Caller ID: Unknown
From: Domain:
Record SIP history: Off
Call Events: Off
Auth. Failure Events: Off
T.38 support: No
T.38 EC mode: Unknown
T.38 MaxDtgrm: 4294967295
SIP realtime: Disabled
Qualify Freq : 60000 ms
Q.850 Reason header: No

Network QoS Settings:

IP ToS RTP audio: EF
IP ToS RTP video: AF41
IP ToS RTP text: CS0
802.1p CoS SIP: 4
802.1p CoS RTP audio: 5
802.1p CoS RTP video: 6
802.1p CoS RTP text: 5
Jitterbuffer enabled: No

Network Settings:

SIP address remapping: Enabled using externaddr
Externaddr: 202.a.b.c:0
Externrefresh: 10

Global Signalling Settings:

Codecs: (gsm|ulaw|alaw|g726)
Codec Order: ulaw:20,alaw:20,gsm:20,g726:20
Relax DTMF: No
RFC2833 Compensation: No
Symmetric RTP: Yes
Compact SIP headers: No
RTP Keepalive: 0 (Disabled)
RTP Timeout: 30
RTP Hold Timeout: 300
MWI NOTIFY mime type: application/simple-message-summary
DNS SRV lookup: No
Pedantic SIP support: Yes
Reg. min duration 60 secs
Reg. max duration: 3600 secs
Reg. default duration: 120 secs
Sub. min duration 60 secs
Sub. max duration: 3600 secs
Outbound reg. timeout: 20 secs
Outbound reg. attempts: 0
Outbound reg. retry 403:0
Notify ringing state: Yes
Include CID: No
Notify hold state: Yes
SIP Transfer mode: open
Max Call Bitrate: 384 kbps
Auto-Framing: No
Outb. proxy:
Session Timers: Accept
Session Refresher: uas
Session Expires: 1800 secs
Session Min-SE: 90 secs
Timer T1: 500
Timer T1 minimum: 100
Timer B: 32000
No premature media: Yes
Max forwards: 70

Default Settings:

Allowed transports: UDP
Outbound transport: UDP
Context: from-sip-external
Record on feature: automon
Record off feature: automon
Force rport: Yes
DTMF: rfc2833
Qualify: 0
Keepalive: 0
Use ClientCode: No
Progress inband: Never
Tone zone:
MOH Interpret: default
MOH Suggest:
Voice Mail Extension: *97

My iptables rules are as follows:

-A PREROUTING -p tcp -m tcp -d 202.a.b.c/32 -i eth3 --dport 5060 -j DNAT --to-destination
-A PREROUTING -p udp -m udp -d 202.a.b.c/32 -i eth3 --dport 5060 -j DNAT --to-destination
-A PREROUTING -p udp -m udp -d 202.a.b.c/32 -i eth3 --dport 5036 -j DNAT --to-destination
-A PREROUTING -p udp -m udp -d 202.a.b.c/32 -i eth3 --dport 10000:20000 -j DNAT --to-destination
-A PREROUTING -p udp -m udp -d 202.a.b.c/32 -i eth3 --dport 4569 -j DNAT --to-destination
-A PREROUTING -p tcp -m tcp -d 202.a.b.c/32 -i eth3 --dport 5038 -j DNAT --to-destination
-A PREROUTING -p udp -m udp -d 202.a.b.c/32 -i eth3 --dport 2727 -j DNAT --to-destination
-A NAT -p tcp -m tcp -d 202.a.b.c/32 -i eth3 --dport 4445 -j DNAT --to-destination