Seb Auriol
2007-May-15 08:39 UTC
[asterisk-users] IAX2 peer unreachable in one direction - NATproblem?
To answer my own message, I figured out a solution (untested) about 10 minutes after posting and leaving the office. Doh! Anyway, the solution (now tested) was to make the Asterisk server behind the NAT register with its peers. Despite reserving port 4569 in the firewall, that was not enough in this particular NAT firewall - it was only being reserved for one connection. Kind regards, Sebastian> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Seb Auriol > Sent: 14 May 2007 19:39 > To: 'Asterisk Users Mailing List - Non-Commercial Discussion' > Subject: [asterisk-users] IAX2 peer unreachable in one > direction - NATproblem? > > The situation is one of my asterisk servers is behind a NAT > firewall and one > is not. Both servers have multiple IAX peers. The NAT > firewall has port 4569 > mapped through to the asterisk server behind. But, the natted > server is > almost permanently unreachable from this non-natted server, > even though, the > non-natted server is almost permanently _reachable_ from the > natted server. > Details are below with iax2 debug and core debug 3. I actually have an > Asterisk 1.2 and an Asterisk 1.4 server in the non-natted > role, and both > have the same issue. However, I have another non-natted server (on a > different ISP) that can talk fine to the natted server. > > (IP addresses replaced with names.) > > myNonNattedServer*CLI> iax2 show peers > Name/Username Host Mask Port > Status > > myNattedServUN myNattedServer (S) 255.255.255.255 4569 (T) > UNREACHABLE > > [May 14 19:06:05] DEBUG[5549]: chan_iax2.c:1154 > update_max_nontrunk: New max > nontrunk callno is 7 > [May 14 19:06:05] DEBUG[5549]: chan_iax2.c:1252 find_callno: > Creating new > call structure 6 > [May 14 19:06:05] DEBUG[5551]: chan_iax2.c:1644 send_packet: > Sending 12 on > 6/0 to myNattedServer:4569 > Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 000 Type: IAX > Subclass: POKE > > Timestamp: 00012ms SCall: 00006 DCall: 00000 > [myNattedServer:4569] > Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX > Subclass: PONG > > Timestamp: 00012ms SCall: 00005 DCall: 00006 > [myNattedServer:37657] > Tx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX > Subclass: INVAL > > Timestamp: 00000ms SCall: 00006 DCall: 00005 > [myNattedServer:37657] > [May 14 19:06:05] DEBUG[5546]: chan_iax2.c:4788 raw_hangup: Raw Hangup > myNattedServer:37657, src=6, dst=5 > [May 14 19:06:06] DEBUG[5540]: chan_iax2.c:1644 send_packet: > Sending 12 on > 6/0 to myNattedServer:4569 > Tx-Frame Retry[001] -- OSeqno: 000 ISeqno: 000 Type: IAX > Subclass: POKE > > Timestamp: 00012ms SCall: 00006 DCall: 00000 > [myNattedServer:4569] > Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX > Subclass: PONG > > Timestamp: 00012ms SCall: 00006 DCall: 00006 > [myNattedServer:37657] > Tx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX > Subclass: INVAL > > Timestamp: 00000ms SCall: 00006 DCall: 00006 > [myNattedServer:37657] > [May 14 19:06:06] DEBUG[5542]: chan_iax2.c:4788 raw_hangup: Raw Hangup > myNattedServer:37657, src=6, dst=6 > > myNattedServer*CLI> iax2 show peers > Name/Username Host Mask Port > Status > myNonNattedSeUN myNonNattedServ (S) 255.255.255.255 4569 > (T) OK (14 > ms) > > Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX > Subclass: POKE > Timestamp: 00016ms SCall: 00010 DCall: 00000 > [myNonNattedServ:4569] > May 14 18:08:45 DEBUG[1196]: chan_iax2.c:1007 > update_max_nontrunk: New max > nontrunk callno is 12 > May 14 18:08:45 DEBUG[1196]: chan_iax2.c:1112 find_callno: > Creating new call > structure 11 > May 14 18:08:45 DEBUG[1196]: chan_iax2.c:6654 socket_read: > Received packet > 0, (6, 30) > May 14 18:08:45 DEBUG[1196]: chan_iax2.c:6848 socket_read: > IAX subclass 30 > received > May 14 18:08:45 DEBUG[1196]: chan_iax2.c:6857 socket_read: > For call=11, set > last=16 > May 14 18:08:45 DEBUG[1196]: chan_iax2.c:1515 send_packet: > Sending 16 on > 11/10 to myNonNattedServ:4569 > Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX > Subclass: PONG > Timestamp: 00016ms SCall: 00011 DCall: 00010 > [myNonNattedServ:4569] > Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX > Subclass: INVAL > Timestamp: 00000ms SCall: 00010 DCall: 00011 > [myNonNattedServ:4569] > May 14 18:08:45 DEBUG[1196]: chan_iax2.c:6654 socket_read: > Received packet > 0, (6, 10) > May 14 18:08:45 DEBUG[1196]: chan_iax2.c:6848 socket_read: > IAX subclass 10 > received > May 14 18:08:45 DEBUG[1196]: chan_iax2.c:7510 socket_read: Immediately > destroying 11, having received INVAL > May 14 18:08:45 DEBUG[1196]: chan_iax2.c:7513 socket_read: > Destroying call > 11 > > Also when calls are placed to myNonNattedServer from > myNattedServer (which > does work), the channel name is > IAX2/myNattedServer:37657-callno, as opposed > to IAX2/myNattedServUserName-53. > > (BTW, if I turn off qualify on myNonNattedServer, I can still > not make calls > from myNonNattedServer to myNattedServer.) > > Any idea what is wrong? This used to work fine (possibly when > myNattedServer > was only trying to talk to one asterisk server through the > NAT - now it has > 3, only one of which is working properly). > > Many thanks, > > Sebastian