Yet another firewall question:


#1

My Asterisk has a public IP address and a few remote soft and hard phones (SIP) that register from various other networks. It has been working fine up until recently…

I installed a hardware-based router/firewall in front of the Asterisk and opened the applicable ports. However, now in order to get the remote soft/hard phones to register, they each need to open the firewalls on their remote end by opening all voice related ports and making their IP a DMZ. I would prefer not to do this as it shouldn’t be necessary.

What the heck is going on? It doesn’t make sense to me. I tried adding an “externip” and “localnet” address to the sip_nat.conf but that didn’t help.

Thanks,

-TFG


#2

What does you sip.conf configuration look like for the remote phones?
Have you tried using host=dynamic and nat=yes?
Also is you Asterisk box being nat’ed or does it still have a public ip?

Dan