asterisk users - Oct 2004 - IAX2 Nat issue, Any help greatly appreciated

I am experiencing difficulty receiving in bound calls over IAX2.  While
tracing the issue, I have noticed:

 

  When the inbound call completes, the inbound packets are using port 4569.
For some reason, when the call fails the inbound packets are using port
13081.  I can not figure out why the different port.  Is it a NAT issue.

 

My setup:

 

  Asterisk 1.0.1  

 

  My asterisk box is behind a firewall, but in a DMZ.  The Asterisk Box is
published with a public IP address.  My provider appears to be ignoring the
Public IP address and using the received from ip.  

 

Any suggestions will be greatly appreciated?  

 

Gene  

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20041018/07cfc628/attachment.htm

On Mon, 18 Oct 2004 18:20:17 -0400, Gene Willingham
<gwillingham@comcast.net> wrote:
> 
>   My asterisk box is behind a firewall, but in a DMZ.
Is this a hardware or software DMZ?
>  The Asterisk Box is
> published with a public IP address.  My provider appears to be ignoring the
> Public IP address and using the received from ip.
Can you be a bit more specific. What's the setup of your NAT/DMZ?
Which address is published? The NAT router's? The DMZ's? Who is
initiating the calls? etc

rgds
benjk

-- 
Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya,
Tokyo, Japan.

NB: Spam filters in place. Messages unrelated to the * mailing lists
may get trashed.

I am using a Sonicwall 3060.  The SonicWall has 6 hardware interfaces. My
asterisk box is on one interface configured as a DMZ.  It still goes through
NAT, but is exposed as a public ip of x.x.x.56, and private IP 192.168.3.2.
The public ip of the firewall is x.x.x.50.

I am using the connect service from Voicepulse.  They are initiating the
call.  IT appears when I register with them I 

What I think is happening is:  If I receive an inbound call on IAX during an
IAX registration, the call does not get setup.  I appear to be unavailable
to the other server. When a call fails I noticed using tcpdump that the
inbound packets are destined for port 13081.  When the call succeeds the
inbound packets are destined for port 4569.  Port 13081 seems to make sense
when looking at iax2 show registry.  But it does not match the output from
tcpdump when compared to calls that succeed.



gw1*CLI> iax2 show registry
Host                  Username    Perceived             Refresh  State
66.234.228.170:4569   QSa55JPy58  x.x.x.50:13081           60  Registered

 

[IAX2 debug enabled]
Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass:
REGREQ 

   Timestamp: 00017ms  SCall: 00002  DCall: 00000 [66.234.228.170:4569]
   USERNAME        : QSa55JPy58
   REFRESH         : 60

gw1*CLI> 
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX     Subclass:
REGACK 
   Timestamp: 00015ms  SCall: 00186  DCall: 00002 [66.234.228.170:4569]
   USERNAME        : QSa55JPy58
   DATE TIME       : 156437288
   REFRESH         : 60
   APPARENT ADDRES : IPV4 x.x.x.50:13081

gw1*CLI> 
Tx-Frame Retry[-01] -- OSeqno: 001 ISeqno: 001 Type: IAX     Subclass: ACK

   Timestamp: 00015ms  SCall: 00002  DCall: 00186 [66.234.228.170:4569]
Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 000 Type: IAX     Subclass:
HANGUP 
   Timestamp: 09779ms  SCall: 00518  DCall: 00000 [66.234.228.170:4569]

 

Output from tcpdump:
22:02:48.246092 x.x.com.4569 > 170-228-234-66.cosmoweb.net.4569: udp 12 (DF)
[tos 0x10]
22:03:18.597719 170-228-234-66.cosmoweb.net.4569 > x.x.com.13081: udp 84
(DF)
22:03:20.601668 170-228-234-66.cosmoweb.net.4569 > x.x.com.13081: udp 84
(DF)
22:03:28.406522 170-228-234-66.cosmoweb.net.4569 > x.X.com.13081: udp 12
(DF)
22:03:30.406566 170-228-234-66.cosmoweb.net.4569 > x.x.com.13081: udp 12
(DF)
22:03:30.601889 170-228-234-66.cosmoweb.net.4569 > X.X.com.13081: udp 84
(DF)
22:03:38.236056 X.x.com.4569 > 170-228-234-66.cosmoweb.net.4569: udp 28 (DF)
[tos 0x10]
22:03:38.246584 170-228-234-66.cosmoweb.net.4569 > x.x.com.4569: udp 52 (DF)

 
Configuration:
  Asterisk 1.0.1.
  Sonicwall 3060 Firewall.


Message: 3
Date: Tue, 19 Oct 2004 14:27:29 +0900
From: Benjamin on Asterisk Mailing Lists
	<benjk.on.asterisk.ml@gmail.com>
Subject: Re: [Asterisk-Users] IAX2 Nat issue, Any help greatly
	appreciated
To: Asterisk Users Mailing List - Non-Commercial Discussion
	<asterisk-users@lists.digium.com>
Message-ID: <10913b9f04101822277eab3268@mail.gmail.com>
Content-Type: text/plain; charset=US-ASCII

On Mon, 18 Oct 2004 18:20:17 -0400, Gene Willingham
<gwillingham@comcast.net> wrote:
> 
>   My asterisk box is behind a firewall, but in a DMZ.
Is this a hardware or software DMZ?

>  The Asterisk Box is
> published with a public IP address.  My provider appears to be ignoring
the
> Public IP address and using the received from ip.
Can you be a bit more specific. What's the setup of your NAT/DMZ?
Which address is published? The NAT router's? The DMZ's? Who is
initiating the calls? etc

rgds
benjk

-- 
Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya,
Tokyo, Japan.

NB: Spam filters in place. Messages unrelated to the * mailing lists
may get trashed.