Port forwarding or no port forwarding?

I have discovered that there seems to be some confusion as to whether port forwarding TCP/UDP 5060 and UDP 10000/20000 is necessary for Asterisk servers behind NAT. The following link seems to indicate that it is not necessary:

http://www.dslreports.com/forum/r27735252-Question-about-opening-ports-for-Asterisk

And a post in this link states that it is absolutely necessary:

http://forums.whirlpool.net.au/archive/679361

In my current setup, port forwarding on or off has absolutely no effect on behavior. Here is my current setup:

Flowroute SIP trunk<--internet-->firewall/router/NAT-----LAN switch<--Asterisk server/Cisco handsets

Any opinions on the necessity of port forwarding for Asterisk behind NAT?

Routers that try to be clever with SIP tend to break things. The only way you could use Asterisk without port forwarding is if your router was trying to be clever. That is an unknown quantity.

That could be.

But what’s interesting is, for me, turning SIP Application Layer Gateway on or off, turning Intrusion Prevention System on or off, turning port forwarding on or off, and any combination of the three have absolutely no effect on how calls get in or out of my system.

The router must still be constructing dynamic port forwarding rules.

Also note that your firewall is probably stateful, which means a SIP packet outbound to UDP/5060 will create a state and leave that port open for a certain time to get the answer back from the destination.

With a stateless firewall you would see that not forwarding any port inbound to your Asterisk will break things.
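
The stateful versus stateless behaviour described in the last replies, as an added example that is not part of the original thread: a toy Python model of a firewall's UDP state table. The 30-second timeout, the trunk address and all names are assumptions made for illustration; real devices differ, and NAT port rewriting is left out.

```python
# Added illustration: toy model of UDP handling at the firewall (not a real firewall API).
from dataclasses import dataclass, field

SIP_PORT = 5060
UDP_STATE_TIMEOUT = 30  # seconds; assumed value, real devices vary


@dataclass
class Firewall:
    stateful: bool
    forwards: set = field(default_factory=set)  # inbound UDP ports forwarded to the PBX
    states: dict = field(default_factory=dict)  # (remote_ip, remote_port, local_port) -> expiry

    def outbound(self, now, remote_ip, remote_port, local_port):
        """A LAN host sends a UDP packet out; a stateful firewall records the flow."""
        if self.stateful:
            self.states[(remote_ip, remote_port, local_port)] = now + UDP_STATE_TIMEOUT

    def inbound(self, now, remote_ip, remote_port, local_port):
        """Return True if a packet arriving from the internet reaches the PBX."""
        if local_port in self.forwards:
            return True  # static port forward: always allowed
        key = (remote_ip, remote_port, local_port)
        expiry = self.states.get(key)
        if expiry is not None and now <= expiry:
            self.states[key] = now + UDP_STATE_TIMEOUT  # matching traffic refreshes the state
            return True
        self.states.pop(key, None)  # expired or never created
        return False


def simulate(stateful, forward, invite_at, register_every=None):
    """Asterisk sends a REGISTER to the trunk at t=0 (and optionally every
    register_every seconds); the trunk sends an INVITE at t=invite_at.
    Returns True if that INVITE gets through the firewall."""
    fw = Firewall(stateful, {SIP_PORT} if forward else set())
    trunk = ("203.0.113.10", SIP_PORT)  # constructed address (TEST-NET-3)
    t = 0
    while t <= invite_at:
        fw.outbound(t, *trunk, SIP_PORT)
        if register_every is None:
            break
        t += register_every
    return fw.inbound(invite_at, *trunk, SIP_PORT)
```

In this model an inbound call with no port forward succeeds only while a state created by outbound traffic is still live, so it depends on how often Asterisk talks to the trunk relative to the firewall's UDP timeout.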