Steven M. Sokol
2003-Oct-22 08:22 UTC
[Asterisk-Users] Running Asterisk and NAT on the same box?
Has anyone tried installing * on a box with two eth interfaces which is acting as a NAT box? I have only one IP at this point and I would like to get * working without all of the NAT issues. My idea is to run * on my gateway (which is also running the firewall and masquerade services). All of my UAs (Grandstream + Xten X-LITE + gnophone) will be inside the NAT screen, and will connect to the * using its PUBLIC (outside) address. Does this sound reasonable? Thanks, Steve
Dave Cotton
2003-Oct-22 08:53 UTC
[Asterisk-Users] Running Asterisk and NAT on the same box?
On Wed, 2003-10-22 at 17:22, Steven M. Sokol wrote:> Has anyone tried installing * on a box with two eth interfaces which is > acting as a NAT box? I have only one IP at this point and I would like > to get * working without all of the NAT issues. My idea is to run * on > my gateway (which is also running the firewall and masquerade services). > All of my UAs (Grandstream + Xten X-LITE + gnophone) will be inside the > NAT screen, and will connect to the * using its PUBLIC (outside) > address.>From your description I assume, [don't assume:- it makes an ass out of uand me] that one eth interface is going to a xDSL/Cable modem and the other to your network. If that's the case, other than the fact that I have a PCI ADSL modem, that is exactly what I have. Funny enough I feel that if you have taken the trouble to set up a communication system it helps if it is easy to use, i.e. no NAT problems. You actually have to open some gaps in your high security defence system to see if there is someone outside who wants to talk to you. -- Dave Cotton <dcotton@linuxautrement.com>
Chris Albertson
2003-Oct-22 08:58 UTC
[Asterisk-Users] Running Asterisk and NAT on the same box?
I think that is about the only thing that _will_ work if you want Asterisk to make and recieve SIP calls to the public Internet. If your system were larger you could justify _two_ asterisk servers. One on the fire wall as you've proposed and the second inside in back of NAT. All SIP calls to/from the outside would go through the exposed server while your inside lines and PSTN connection would be via the inside server. The two servers would interconnect via IAX2 trunk. This would be more secure that your proposed plan but adds to the cost. Note however that the exposed computer could be a very light weight machine, a 1Ghz micro ATX card. I'm working on setting up just what you describe. Another idea, one that I'll work on is setting up not an Asterisk server on the firewall but a SIP proxy. This requires changes to chan_sip.c to teach it about SIP proxies but I think it the best long term fix and worth the effort. --- "Steven M. Sokol" <ssokol@sokol-associates.com> wrote:> Has anyone tried installing * on a box with two eth interfaces which > is > acting as a NAT box? I have only one IP at this point and I would > like > to get * working without all of the NAT issues. My idea is to run * > on > my gateway (which is also running the firewall and masquerade > services). > All of my UAs (Grandstream + Xten X-LITE + gnophone) will be inside > the > NAT screen, and will connect to the * using its PUBLIC (outside) > address. > > Does this sound reasonable? > > Thanks, > > Steve > > > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users====Chris Albertson Home: 310-376-1029 chrisalbertson90278@yahoo.com Cell: 310-990-7550 Office: 310-336-5189 Christopher.J.Albertson@aero.org KG6OMK __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com
Tjardick van der Kraan
2003-Oct-22 09:14 UTC
[Asterisk-Users] Running Asterisk and NAT on the same box?
Hi Steve, This is definately the way to go when you are dealing with NAT. I have simulair setups running like this myself and it works perfectly. Only think you need to do in the sip.conf entries is add canreinvite=no This will force any sip-calls from the outside to be routed thru *. Greetings, Tjardick -- Tjardick van der Kraan tjardick@vanderkraan.net IAXtel: 1 700 344 0522 FWD: 26322 IPtel: 91331 ----- Original Message ----- From: "Steven M. Sokol" <ssokol@sokol-associates.com> To: <asterisk-users@lists.digium.com> Sent: Wednesday, October 22, 2003 5:22 PM Subject: [Asterisk-Users] Running Asterisk and NAT on the same box?> Has anyone tried installing * on a box with two eth interfaces which is > acting as a NAT box? I have only one IP at this point and I would like > to get * working without all of the NAT issues. My idea is to run * on > my gateway (which is also running the firewall and masquerade services). > All of my UAs (Grandstream + Xten X-LITE + gnophone) will be inside the > NAT screen, and will connect to the * using its PUBLIC (outside) > address. > > Does this sound reasonable? > > Thanks, > > Steve > > > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users >
Jean-Christophe Heger
2003-Oct-22 09:43 UTC
[Asterisk-Users] Running Asterisk and NAT on the same box?
Hi Tjardick, Do you mean that * will be used as a proxy by the way ? For the tests I have made, Asterisk tries to put both phones in relation together. Did I understand right ? Jean-Christophe ----- Original Message ----- From: "Tjardick van der Kraan" <tjardick@vanderkraan.net> To: <asterisk-users@lists.digium.com> Sent: Wednesday, October 22, 2003 6:14 PM Subject: Re: [Asterisk-Users] Running Asterisk and NAT on the same box?> Hi Steve, > > This is definately the way to go when you are dealing with NAT. > > I have simulair setups running like this myself and it works perfectly. > > Only think you need to do in the sip.conf entries is add > > canreinvite=no > > This will force any sip-calls from the outside to be routed thru *. > > Greetings, > > Tjardick > > -- > Tjardick van der Kraan > tjardick@vanderkraan.net > > IAXtel: 1 700 344 0522 > FWD: 26322 > IPtel: 91331 > > > ----- Original Message ----- > From: "Steven M. Sokol" <ssokol@sokol-associates.com> > To: <asterisk-users@lists.digium.com> > Sent: Wednesday, October 22, 2003 5:22 PM > Subject: [Asterisk-Users] Running Asterisk and NAT on the same box? > > > > Has anyone tried installing * on a box with two eth interfaces which is > > acting as a NAT box? I have only one IP at this point and I would like > > to get * working without all of the NAT issues. My idea is to run * on > > my gateway (which is also running the firewall and masquerade services). > > All of my UAs (Grandstream + Xten X-LITE + gnophone) will be inside the > > NAT screen, and will connect to the * using its PUBLIC (outside) > > address. > > > > Does this sound reasonable? > > > > Thanks, > > > > Steve > > > > > > _______________________________________________ > > Asterisk-Users mailing list > > Asterisk-Users@lists.digium.com > > http://lists.digium.com/mailman/listinfo/asterisk-users > > > > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users >
Leif Madsen
2003-Oct-22 11:39 UTC
[Asterisk-Users] Running Asterisk and NAT on the same box?
Steven M. Sokol wrote:> Has anyone tried installing * on a box with two eth interfaces which is > acting as a NAT box? I have only one IP at this point and I would like > to get * working without all of the NAT issues. My idea is to run * on > my gateway (which is also running the firewall and masquerade services). > All of my UAs (Grandstream + Xten X-LITE + gnophone) will be inside the > NAT screen, and will connect to the * using its PUBLIC (outside) > address. > > Does this sound reasonable?This is exactly what I did. I ran it on a ClarkConnect 2.0 gateway distribution. Worked great. -- +------------------------------------------+ |Leif Madsen - http://www.hacklocalhost.com| +------------------------------------------+ | @| leif at hacklocalhost dot com | | SMS| sms at hacklocalhost dot com | | FWD| 18924 IAX| 1700-363-0761 | |iptel| 8972-1969 sipph| 1-747-386-1618 | +------------------------------------------+
Chris Hariga
2003-Oct-22 12:03 UTC
[Asterisk-Users] Running Asterisk and NAT on the same box?
My * is running like NAT for my LAN. Best regards, Chris HARIGA -----Original Message----- From: asterisk-users-admin@lists.digium.com [mailto:asterisk-users-admin@lists.digium.com]On Behalf Of Steven M. Sokol Sent: Wednesday, October 22, 2003 11:22 AM To: asterisk-users@lists.digium.com Subject: [Asterisk-Users] Running Asterisk and NAT on the same box? Has anyone tried installing * on a box with two eth interfaces which is acting as a NAT box? I have only one IP at this point and I would like to get * working without all of the NAT issues. My idea is to run * on my gateway (which is also running the firewall and masquerade services). All of my UAs (Grandstream + Xten X-LITE + gnophone) will be inside the NAT screen, and will connect to the * using its PUBLIC (outside) address. Does this sound reasonable? Thanks, Steve _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users