Questions regarding asterisk and NAT

Hi All,

How about this scenario? Is it possible for Asterisk to be installed on a NAT router/gateway box (using netfilter, which is actually port restricted cone NAT!)?
I have successfully installed Asterisk on such a gateway and I also set up a softphone on the PC which is behind this NAT in the private LAN. The softphone can register to Asterisk without any problems, but it’s not possible to dial out or to receive any incoming calls?! For instance, if I try to dial a FWD number using the softphone behind the NAT, nothing happens; it’s the same with incoming calls.
I have played with all the NAT-related settings in sip.conf, and I also opened UDP 5060 on my external interface on the NAT box, but still no success. I have also looked at the SIP messages using the SIP debug options in the Asterisk CLI, and the only suspicious thing I saw was the “NAT transmitting” and then I got a 404 error.
I’d appreciate it if someone could give me an idea of what’s going on and whether this scenario of Asterisk installation is possible or not.

Thanks in advance!

Yeah, it’s possible. That’s how I had it set up at home till the other day (when the motherboard died on me). You have to set up iptables correctly, of course, and allow connections to the relevant ports etc.

The big advantage of this particular setup is that your Asterisk server isn’t actually behind NAT - its network interface is the real interface onto the internet (well, probably, anyway) - which solves complications.

You haven’t really explained your setup though, so I can’t really comment on how you should have it configured. If the internet connection is being done by that box, then you shouldn’t configure Asterisk as if it’s behind NAT - cos it ain’t!

[quote=“WillKemp”] The big advantage of this particular setup is that your Asterisk server isn’t actually behind NAT - its network interface is the real interface onto the internet (well, probably, anyway) - which solves complications.

You haven’t really explained your setup though, so I can’t really comment on how you should have it configured. If the internet connection is being done by that box, then you shouldn’t configure Asterisk as if it’s behind NAT - cos it ain’t![/quote]

Thank you very much for your reply! Yeah, running Asterisk on such a setup prevents complications with the NAT, but what about the peers that are behind this NAT box? In my case I have a softphone which is running on 192.168… how should it be configured in sip.conf? Below is the part of my sip.conf where this peer is described, but unfortunately I still can’t get the softphone operational, even though it’s registered to Asterisk:

[test]
type=friend
username=test
secret=test
context=tutorial
nat=yes
canreinvite=no
reinvite=no
disallow=all
allow=gsm
allow=ulaw
allow=alaw

I still think it has something to do with the NAT?!

you say you’ve opened port 5060 for SIP signalling, but what about ports 10,000 thru 20,000 for RTP? this may be your problem. the media traffic (RTP) usually uses UDP ports 10000-20000 and you MUST let them thru your firewall.

if you’d like to use fewer ports, edit rtp.conf.
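
The port openings discussed above, as an added example that is not part of the original posts: a script that reads `rtpstart`/`rtpend` from rtp.conf and prints the matching inbound rules, so the firewall exposes only the media range Asterisk actually uses. The function names, the `eth0` external interface and the sample file are assumptions; the rules are printed, not applied.

```shell
#!/bin/sh
# Added example: print (not apply) inbound iptables rules that match rtp.conf.
# Function names, the interface name and the sample file are assumptions.

# Read one key from an rtp.conf-style file: drop ';' comments and whitespace,
# then return the value of the last matching key=value line.
rtp_value() {
    sed -e 's/;.*//' -e 's/[[:space:]]//g' "$1" |
        awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }'
}

# $1 = path to rtp.conf, $2 = external interface.
asterisk_fw_rules() {
    conf=$1 ext_if=$2
    start=$(rtp_value "$conf" rtpstart)
    end=$(rtp_value "$conf" rtpend)
    for v in "$start" "$end"; do
        case $v in
            ''|*[!0-9]*) echo "rtpstart/rtpend missing or not numeric" >&2
                         return 1 ;;
        esac
    done
    if [ "$start" -gt "$end" ] || [ "$end" -gt 65535 ]; then
        echo "invalid RTP range $start-$end" >&2
        return 1
    fi
    # SIP signalling, then exactly the media range Asterisk will use.
    echo "iptables -A INPUT -i $ext_if -p udp --dport 5060 -j ACCEPT"
    echo "iptables -A INPUT -i $ext_if -p udp --dport $start:$end -j ACCEPT"
}

# Constructed sample: rtp.conf narrowed to 101 ports instead of 10000-20000.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[general]
rtpstart=10000   ; first RTP port
rtpend=10100     ; last RTP port
EOF
asterisk_fw_rules "$sample" eth0
rm -f "$sample"
```
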

I don’t think RTP ports are an issue at the moment; I can’t even establish a call in/out. Anyway, thanks for the advice, I’ll open this UDP range.

[quote=“tg2005”]
[test]
type=friend
username=test
secret=test
context=tutorial
nat=yes
canreinvite=no
reinvite=no
disallow=all
allow=gsm
allow=ulaw
allow=alaw

I still think it has something to do with the NAT?![/quote]
Yes, it is. There isn’t any. So you should have nat=no .

There is no NAT between the phone and the Asterisk box - and that’s what counts, as the phone is only talking to the Asterisk box, not the whole internet.

Thank you very, very much for your suggestions and help! The problem is solved now and everything is working :smile:
Thanks WillKemp, as you noticed the problem was in the nat=yes, now I turned it to NO and everything is OK. Thanks a lot :smile:

Merry Christmas to all of you !

Another issue has just come up. There is very strange behavior with all the incoming calls. First let’s say that all outgoing calls are fine, but there are still problems with the inbound ones?!
I have noticed that when I try to call my TEST number from my FWD I get a “408 error”, but the strange thing is that when I first call my FWD from the TEST account and afterwards call back my TEST account on the Asterisk from the same FWD account - the incoming call works.
I did a few tests today. I tried to call my TEST account, this time from another softphone on another network, and I got the same problems as described above. I turned on debugging on the softphone to see the SIP messages, and according to them it seems that my Asterisk machine did not reply to the INVITE message on the incoming calls, which is strange?! And as I said earlier, if I call first from my TEST account, then there is no problem with the call back! In other words I have to initiate the call first, i.e. it is impossible to get incoming calls!

I’d appreciate your help in resolving this issue! Thanks a lot and have a nice Christmas holiday!