AstGrp
2004-Feb-29 22:22 UTC
[Asterisk-Users] Asterisk as a SIP server behind nat, clients on the outside connecting to Asterisk
I have this working, with not much work... SIP CONF [general] port = 5060 ; Port to bind to bindaddr = 0.0.0.0 ; address to bind to externip = <NAT IP / Outside IP> ; Address that we're going to put in SIP messages if we're behind a NAT localnet = 10.100.254.0 ; Internal NETWORK address localmask = 255.255.255.0 ; Internal netmask context=default ; Default for incoming calls ;srvlookup = yes ; Enable SRV lookups on outbound calls ;pedantic = yes ; Enable slow, pedantic checking for Pingtel ;tos=lowdelay ;tos=184 ;maxexpirey=3600 ; Max length of incoming registration we allow ;defaultexpirey=120 ; Default length of incoming/outoing registration ;notifymimetype=text/plain ; Allow overriding of mime type in NOTIFY ;videosupport=yes ; Turn on support for SIP video disallow=all ; Disallow all codecs allow=ulaw ; Allow codecs in order of preference allow=ilbc allow=alaw [travel] type=friend username=travel secret=<password> host=dynamic nat=yes context=local mailbox=4003 Ports in the Firewall Port 5060 UDP Ports 16456 - 17456 UDP RTP Conf rtpstart=16456 rtpend=17456 -gcc -----Original Message----- From: asterisk-users-admin@lists.digium.com [mailto:asterisk-users-admin@lists.digium.com] On Behalf Of Steve Beaumont Posted At: Sunday, February 29, 2004 4:12 PM Posted To: Asterisk User Group Conversation: [Asterisk-Users] Asterisk as a SIP server behind nat, clients on the outside connecting to Asterisk Subject: [Asterisk-Users] Asterisk as a SIP server behind nat, clients on the outside connecting to Asterisk On the wiki pages it suggests that clients on the outside of NAT can connect to an Asterisk server behind nat. (option no 3). The note suggests that this can work with port forwarding and some 'header mangling magic'. I have the port forwarding configured however, when I try to connect an external client through the firewall the client does not correctly register. The REGISTER message is received, the server responds with Status 100 trying, followed by Status 407 Proxy Authentication required. This repeated several times. I guessing but could this be where the 'header mangling magic' is required. ? Does anyone know how this magic can be applied. Many thanks Steve Beaumont _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Steve Beaumont
2004-Mar-03 10:23 UTC
[Asterisk-Users] Asterisk as a SIP server behind nat, clients on the outside connecting to Asterisk
----- Original Message ----- From: AstGrp <astgrp@cwkb.com> To: <asterisk-users@lists.digium.com> Sent: Monday, March 01, 2004 5:22 AM Subject: RE: [Asterisk-Users] Asterisk as a SIP server behind nat, clients on the outside connecting to Asterisk> I have this working, with not much work... > > SIP CONF > > [general] > port = 5060 ; Port to bind to > bindaddr = 0.0.0.0 ; address to bind to > externip = <NAT IP / Outside IP> ; Address that we're going to > put in SIP messages if we're behind a NAT > localnet = 10.100.254.0 ; Internal NETWORK address > localmask = 255.255.255.0 ; Internal netmask > context=default ; Default for incoming calls > ;srvlookup = yes ; Enable SRV lookups on outbound calls > ;pedantic = yes ; Enable slow, pedantic checking for > Pingtel > ;tos=lowdelay > ;tos=184 > ;maxexpirey=3600 ; Max length of incoming registration we > allow > ;defaultexpirey=120 ; Default length of incoming/outoing > registration > ;notifymimetype=text/plain ; Allow overriding of mime type in > NOTIFY > ;videosupport=yes ; Turn on support for SIP video > disallow=all ; Disallow all codecs > allow=ulaw ; Allow codecs in order of preference > allow=ilbc > allow=alaw > > > [travel] > type=friend > username=travel > secret=<password> > host=dynamic > nat=yes > context=local > mailbox=4003 > > Ports in the Firewall > > Port 5060 UDP > Ports 16456 - 17456 UDP > > RTP Conf > > rtpstart=16456 > rtpend=17456 > > -gcc > > > -----Original Message----- > From: asterisk-users-admin@lists.digium.com > [mailto:asterisk-users-admin@lists.digium.com] On Behalf Of Steve > Beaumont > Posted At: Sunday, February 29, 2004 4:12 PM > Posted To: Asterisk User Group > Conversation: [Asterisk-Users] Asterisk as a SIP server behind nat, > clients on the outside connecting to Asterisk > Subject: [Asterisk-Users] Asterisk as a SIP server behind nat, clients > on the outside connecting to Asterisk > > > On the wiki pages it suggests that clients on the outside of NAT can > connect to an Asterisk server behind nat. (option no 3). The note > suggests that this can work with port forwarding and some 'header > mangling magic'. > > I have the port forwarding configured however, when I try to connect an > external client through the firewall the client does not correctly > register. The REGISTER message is received, the server responds with > Status 100 trying, followed by Status 407 Proxy Authentication required. > This repeated several times. > > I guessing but could this be where the 'header mangling magic' is > required. ? Does anyone know how this magic can be applied. > > Many thanks > Steve BeaumontThanks for the replies, but this has turned out to be a little more involved than it first appeared. I'm sorry to say I haven't really got to the bottom of it yet but it seems to be a problem with the way my router handles NAT/PAT. Unfortunately, I am unable to sniff the adsl side of my internet connection so it's proving a little difficult to pin down. I must admit I'm a little surprised that a fairly recent protocol like SIP is not more firewall /NAT/PAT friendly. Anyhow, less of the moaning. A general question that has been on mind for a while is the range of RTP ports used by SIP. What governs there allocation. Concurrent connections ? All the best Steve Beaumont