Leif Madsen
2003-Nov-04 10:42 UTC
[Asterisk-Users] Does externalip= do anything to help with SIP behind a Linux based NAT router?
I'm just curious if I was to place my * box behind a FW/NAT box running linux, if my SIP calls will still work. Box right now is a RH9 computer using iptables as the FW. I wouldn't mind placing my * box behind it, but I'm wondering if anyone has actually gotten NAT working with *?

Thanks,

--
+------------------------------------------+
|Leif Madsen - http://www.hacklocalhost.com|
+------------------------------------------+
|    @| leif at hacklocalhost dot com      |
|  SMS| sms at hacklocalhost dot com       |
|  FWD| 18924       IAX| 1700-363-0761     |
|iptel| 8972-1969 sipph| 1-747-386-1618    |
+------------------------------------------+
Martin Pycko
2003-Nov-04 11:44 UTC
[Asterisk-Users] Does externalip= do anything to help with SIP behind a Linux based NAT router?
It should. You need to do port forwarding on the firewall and use externip, not externalip, in the general section of sip.conf. Refer to asterisk/configs/sip.conf.sample

Martin

On Tue, 4 Nov 2003, Leif Madsen wrote:

> I'm just curious if I was to place my * box behind a FW/NAT box
> running linux, if my SIP calls will still work. Box right now is a RH9
> computer using iptables as the FW. I wouldn't mind placing my * box
> behind it, but I'm wondering if anyone has actually gotten NAT working
> with *?
>
> Thanks,
Olle E. Johansson
2003-Nov-04 11:57 UTC
[Asterisk-Users] Does externalip= do anything to help with SIP behind a Linux based NAT router?
Leif Madsen wrote:

> I'm just curious if I was to place my * box behind a FW/NAT box
> running linux, if my SIP calls will still work. Box right now is a RH9

Leif,

The question is too open to answer, you have to be more specific. There are several situations:

1. Asterisk as a SIP client behind nat, connecting to outside SIP Proxies
2. Asterisk as a SIP client behind nat, connecting to inside SIP proxies
3. Asterisk as a SIP server behind nat, clients on the outside connecting to Asterisk
4. Asterisk as a SIP server behind nat, clients on the inside connecting to Asterisk

Everything works somewhere, but it depends on the client and the NAT and many other factors. In most cases, 1 and 3 are broken.

#1 works with SIP Express router as the outside proxy. (Get an account at IPtel.org and try!). Fails with fwd.

#2 Works - no NAT in between

#3 Works with port forwarding and some header mangling magic

#4 Works - no NAT in between

I'm afraid if I configure externalIP=, 1 works, like with FWD, but 2 is broken. I don't know what happens with 4 if I at the same time use externalip= and have clients configured as 3.

As I see it, externalip= is an ugly hack that causes problems. There are better solutions in the bug tracking system, being discussed and refined. STUN support, and the netmask/ip-network configuration helps asterisk to find out itself if there's a NAT in the middle and if something should be done.

Let's continue

5. Asterisk as a SIP client outside nat, connecting to outside SIP proxies
6. Asterisk as a SIP client outside nat, connecting to inside SIP proxies
7. Asterisk as a SIP server outside nat, clients on the outside connecting to Asterisk
8. Asterisk as a SIP server outside nat, clients on the inside connecting to Asterisk

#5 is no problem. No NAT in the middle

#6 is a problem if no port forwarding is done, similar to 3 above.

#7 is no problem. No NAT in the middle

#8 is solved with nat=yes and qualify=xxx in sip.conf for the client in most cases. Some clients (X-lite) assist themselves by using STUN and sending UDP keep-alive packets. Qualify sends keep-alive packets from Asterisk to the client on the inside.

Then we have even worse cases...

9. Asterisk inside a NAT, client inside ANOTHER NAT

In this case, we need a middle man to even find each other, an outbound SIP proxy that handles the SIP transaction and is reachable by all parties. To get media streams from point to point we need another middle man, a media server. Asterisk could be that media server, that could add media codec conversion. Portaone's rtpproxy works together with SIP Express router.

I'm sure we can find #10-xx as well.

And yes, I'll rewrite this and put it up on the Wiki ;-)

/Olle
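
Added example, not part of the original thread and not Asterisk's code: a Python sketch of why a SIP server behind NAT (case 3) needs "header mangling" on top of port forwarding. It finds RFC 1918 addresses in the fields the far end routes on and substitutes an external address. The function names, the sample INVITE and the addresses 192.168.1.10 and 203.0.113.5 are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: not reachable from the outside of the NAT.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Fields the far end uses to route replies (Via, Contact) and media (SDP o=, c=).
ROUTING_FIELDS = ("via:", "contact:", "o=", "c=")

# Constructed sample: INVITE from a server on 192.168.1.10 behind NAT.
# Content-Length is omitted; a real rewrite must recompute it when the body changes.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:1000@proxy.example.net SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK-constructed",
    "Contact: <sip:pbx@192.168.1.10:5060>",
    "Call-ID: constructed-1@192.168.1.10",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.168.1.10",
    "c=IN IP4 192.168.1.10",
    "m=audio 10000 RTP/AVP 0",
])

def is_internal(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # the loose regex also matches strings like 999.1.1.1
        return False
    return any(ip in net for net in RFC1918)

def private_addresses(message):
    """List (field, address) for every RFC 1918 address in a routing field."""
    found = []
    for line in message.split("\r\n"):
        if line.lower().startswith(ROUTING_FIELDS):
            field = re.match(r"[A-Za-z-]+", line).group(0)
            found += [(field, a) for a in IPV4.findall(line) if is_internal(a)]
    return found

def rewrite_for_nat(message, externip):
    """Substitute externip for internal addresses in routing fields only."""
    swap = lambda m: externip if is_internal(m.group(0)) else m.group(0)
    return "\r\n".join(
        IPV4.sub(swap, line) if line.lower().startswith(ROUTING_FIELDS) else line
        for line in message.split("\r\n"))
```

Running `private_addresses` over a captured message from the outside interface shows whether internal addresses are still leaking after the configuration change; the Call-ID is left alone because it is an opaque identifier, not a routing target.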