Routed mode?


#1

I’m trying to set up asterisk so, that two internal IPs, that cannot ping each other, can communicate. This would mean that all traffic goes through asterisk server (which has also internal IP, but everyone can ping its IP).

Please tell me, if it is possible to set it up this way.


#2

this has nothing to do with asterisk, but rather, whatever config your linux (assuming you’re running linux) server is set up for. no reason it can’t be…


#3

thank you for your reply

I’d like to explain what’s the problem

I have small local wifi network

I have blocked all internal communication, because it has been causing problems with latencies

All of the users can ping IP of asterisk server, but cannot ping each other

problem is, that they cannot communicate, I have thought, all of the communication from IP 10.10.10.2 (users no.1) would go to 10.10.10.1 (asterisk) and then to IP 10.10.10.3, it means those two would not need to be able to communicate directly


#4

you are correct, this is not a bad way to set things up, but again, this has nothing to do with asterisk and you’d be better off posting this to a forum involved with linux (or whatever). asterisk runs (usually) under linux, but nothing in your problem is related in any way to asterisk itself, so posting here is not helpful.


#5

When setting up a call, Asterisk uses itself as endpoints for the media streams. However, once a SIP call has been accepted, Asterisk sends a REINVITE message to the phones so they can send streams directly to each other. By setting “canreinvite=no”, Asterisk will stop sending REINVITES after the call is established.

So, if you want to STOP the phones communicating directly with each other, just set the “canreinvite=no” in your sip.conf file.

I personally use hardwired systems using managed switches with VLAN enabled, so latency has never been a concern.

Also, just curious, how are you blocking internal communications?


#6

thank you very much

I have already managed, to allow comunication between each others on port 8000, but I’ll try to do it with canreinvite=no

internal communication is blocked using iptables (except of those on LAN, where I use non-manageable switches, but 100mbits is enough)