Which port# for IAX2 'register' command

I opened port 4569 in my firewall and managed to reach out to FWD.
But incoming calls don’t seem to get through.

iax.conf has this entry:
register => MYFWDNUMBER:MYPASSWORD@iax2.fwdnet.net
(MYFWDNUMBER:MYPASSWORD substituted for real number/password)

Looking in the Asterisk logfile, I find:
– Registered to ‘65.39.205.121’, who sees us as 80.202.21.100:60323

Is port 60323 used for incoming calls?
Is this port # fixed, so I can open for this port in the firewall, or will it change?

regards,
Torgrim

What’s the bindport option set to in your iax.conf?

The bindport is set to 4569

Torgrim

Well that’s really weird!

should say

and I don’t understand why it doesn’t. What version of Asterisk are you using?

I am using Asterisk@Home 1.5, which uses Asterisk 1.0.9.

Torgrim

This isn’t the NAT on your modem/router translating port 4569 to 60323, is it?

I’m not sure about this aspect of how Asterisk works - maybe it’s reporting what the other end sees, rather than what it’s sending to the other end. In which case, that could make sense - i.e., it’s leaving Asterisk with port 4569 but the router’s changing the port to 60323 and then when it gets packets back to 60323, translating them to 4569 and sending them to the Asterisk box. If that’s what’s happening, it might or might not be a problem - depending on how the iax2 protocol works, which I’m not sure about.

You may have to change the way your modem/router is configured. Having Asterisk behind NAT is a pain in the arse. You’re better off using the modem in bridged mode, doing the PPPoE connection on your linux box and running a firewall and NAT there.

However, iax2 should work with NAT ok - but you may have to change the configuration somehow. How will depend on your modem.

This is the way NAT works - outgoing sessions from 4569 get a masqueraded return address and port. 60323 is in the range of dynamic assignable ports for this purpose. Returning packages coming in through port 60323 are redirected to 4569 on the machine that originated the session.
But - this is only valid throughout a single (TCP) session. If a package (incoming call) arrives later on, the port 60323 will be closed.

As 4569 is defined as the standard IAX2 port, I opened port 4569 in my router for incoming packages, redirecting them to 4569 of my asterisk server. This actually made outgoing calls work. Even though the call to the IAX2 server is masqueraded to look like it comes from a dynamic port, the IAX2 server knows that 4569 is the real return port, and I get the sound to my phone. (This works.)

But incoming calls don’t work, obviously because the IAX2 server goes to the wrong port.
This could be an error in the register function of the IAX2 server?
To be able to traverse the NAT, the server should know that the return port is 4569 - not 60323 as it appears to be.

still confused,
Torgrim

I doubt it’s the IAX2 register function that’s the problem - it’s more likely to be the way your router works. IAX2 is well known to work well with NAT. However, for what you’ve described to work properly requires that the router is smart enough to not translate ports that it’s also forwarding. In other words, there’s no point forwarding port 4569 if the router is making sure that nothing ever comes in for 4569 (because it’s translating the source port in outgoing packets to 60323 or whatever).

I know that different routers do NAT in different ways - as I understand it, some do effectively random, dynamic translations which only persist for the length of time of the connection - and as we’re talking about UDP, that’s not very long! Others have fixed mappings which mean that the translation’s always the same. In the latter case, what you’re trying to do will probably work. In the former, it probably won’t.

Your router might be simply not up to the job. You may need to try a different approach, like using a DMZ or something else.
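
Added example, not part of any post in this thread: a Python check that compares the `bindport` in iax.conf with the external port reported in Asterisk's "Registered to ... who sees us as" log lines, to tell which of the NAT behaviours discussed above the router shows. The function names and the third log line (port 61877) are constructed for illustration; the other values are the ones quoted in the thread.

```python
import re

# Constructed sample inputs modelled on the values quoted in the thread.
SAMPLE_IAX_CONF = """\
[general]
bindport=4569
register => MYFWDNUMBER:MYPASSWORD@iax2.fwdnet.net
"""
SAMPLE_LOG = """\
 -- Registered to '65.39.205.121', who sees us as 80.202.21.100:60323
 -- Registered to '65.39.205.121', who sees us as 80.202.21.100:60323
 -- Registered to '65.39.205.121', who sees us as 80.202.21.100:61877
"""

# Accept straight or typographic quotes around the registrar address.
REG_RE = re.compile(
    r"Registered to ['\u2018]([\d.]+)['\u2019], who sees us as ([\d.]+):(\d+)")

def bindport(conf_text, default=4569):
    """Return bindport from iax.conf text (4569 is the standard IAX2 port)."""
    for line in conf_text.splitlines():
        line = line.split(";", 1)[0].strip()   # ';' starts a comment
        m = re.match(r"bindport\s*=\s*(\d+)$", line)
        if m:
            return int(m.group(1))
    return default

def seen_ports(log_text):
    """Map each registrar IP to the external ports it reported, in log order."""
    seen = {}
    for m in REG_RE.finditer(log_text):
        seen.setdefault(m.group(1), []).append(int(m.group(3)))
    return seen

def diagnose(conf_text, log_text):
    """Classify what the NAT does to the IAX2 source port, per registrar."""
    local = bindport(conf_text)
    result = {}
    for registrar, ports in seen_ports(log_text).items():
        if set(ports) == {local}:
            result[registrar] = "preserved"            # registrar sees bindport itself
        elif len(set(ports)) == 1:
            result[registrar] = "translated-stable"    # same rewritten port every time
        else:
            result[registrar] = "translated-changing"  # rewritten port differs between registrations
    return result

if __name__ == "__main__":
    print(diagnose(SAMPLE_IAX_CONF, SAMPLE_LOG))
```

Run over a log that spans several registration refreshes, a "translated-changing" verdict means a forward rule for a single observed port such as 60323 would stop matching after the next refresh.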