Multiple NATs and Asterisk?

Hey all,

My ISP recently changed their setup, and now everyone has to have a router provisioned by them at the home end. Everyone still has their own unique public IP, but my Linux box is not allowed to directly use it on its interface. Instead my ISP told me my only option is to set my Linux box to a static NAT IP and use the DMZ host in their router.

Ever since this was done, I cannot use my Asterisk from outside my LAN.

My setup is as follows:

Linux box on LAN, DMZ host. Local LAN at home is 192.168.1.x. Router at 192.168.1.1, Linux at 192.168.1.2, other boxes at 192.168.1.100 and up.

I have a Nokia phone with SIP capability and in the past I was always able to have my phone register to my Asterisk when I was in range of public Wifi networks. Obviously most all public Wifi networks are also using a layer of NAT. And most often, the IPs they use are 192.168.1.x

Now in the past, my Linux box (with two interfaces) was also a router for my LAN. eth0 has 192.168.1.x for the LAN, and eth1 had my public routable IP. In light of the new provisioning, I am now using eth0 as an isolated VLAN with IP 172.16.200.x to do experiments with routing and so on.

I am able to successfully register to Asterisk outside the LAN, but when a call is attempted the following occurs:

Call from ASterisk to phone: Assume the phone is on a public Wifi with IP 192.168.1.100. The Asterisk will try to send hte call to 192.168.1.100 on the local LAN, not to the gateway so the call can reach the phone.
Call from phone to Asterisk: Call goes through. Asterisk can hear my audio, but again, can’t get audio back to me because it’s sending it to 192.168.1.100 on the local LAN.

I attempted changing the local IP subnet to 192.168.100.x and it still didn’t help. I also tried setting up the Linux box as another NAT layer (so that eth0 is 192.168.100.x and eth1 is 192.168.1.2, and restoring my original router config) but no go. I have sip_conntrack loaded, which always worked in the past for this type of issue.

Is it simply the case that the Linux box being behind the additional NAT layer makes it impossible for me to make calls in/out of it if the remote host is also NATted?

Thanks.

fm