Hi all,
recently i've posted a request about a big problem i have.
I was trying to configure asterisk & iax to serve a double ADSL connection
and internal network, but even if i've used the default configuration for
bindaddr ( 0.0.0.0 ) i had a very strange behaviour.
here is my conf.:
from ifconfig :
eth0 : 192.168.3.1
eth1 : 192.168.4.1
defualt gateway 192.168.3.254.
from iax.conf :
bindaddr = 0.0.0.0
Well, when i use the first address for iax registration everything goes fine,
but when i try to use the second ip address, i will receive a reg ack from the
first ip address and my client discard it ( right !! ).
client server
x.x.x.x ----> REG REQ ----> 192.168.3.1
x.x.x.x <---- REG ACK <---- 192.168.3.1
OK !
x.x.x.x ----> REG REQ ----> 192.168.4.1
x.x.x.x <---- REG ACK <---- 192.168.3.1
NOK!
I've made a full search for a solution of this problem and i found few
informations ( i hope correct )
1. Asterisk uses kernel 2.0 based routing ( strange ! ) and it reach the
destination based on default gateway. So if i use the same subnet of the second
ip address it should work, else it uses the first address that is directly
connected to the default gateway.
2. Someone point me to the use of iproute2 as a packet shaper. But if i've
understood well, it can only use the destination address of the client and not
the source address of the server for routing decision.
See below :
ip rule add to x.x.x.x lookup Table 1 ( where table 1 has a different default gw
)
This is possible but useless when i have internet in the other side ( i
couldn't predetermine all the class of subnet ! )
This is not possible
ip rule add from 192.168.4.1 lookup Table 1 ( because the source address has to
be assigned before the routing decision )
3. Someone else said that the only solution is to install a second asterisk
server to serve the second ADSL link and bind themselves with iax trunk.
At the end of this long listing you would know if i've had a solution ?
My answer is yes !
here is how.
look at this simple iptables command
iptables -t nat -A POSTROUTING -i eth2 -o eth0 -d 192.168.4.1 -j SNAT
--to-source 192.168.4.2-192.168.4.253
eth2 is the ADSL connection
eth0 is the Asterisk connection
With this command i force the source ip address of a client from internet to be
natted to a dynamic ip address in the right subnet and thus asterisk would use
the right ip address to send packet back.
Simple !!
The only thing to remember is to assign the ip addresses of the pool to the
mac-address of the firewall with this command
arp -f /etc/ethers
where /etc/ethers is:
x.x.x.2 AA:BB:CC:DD:EE:FF pub
x.x.x.3 AA:BB:CC:DD:EE:FF pub
...
x.x.x.253 AA:BB:CC:DD:EE:FF pub
if a class C is not enough for you ( you're a lucky boy ) simply use a class
B or higher.
I've made some testing with iax2 ( it hasn't NAT issue ) and it works
fine.
If someone else has a better solution I?d be happy to hear from you, that's
my best.
Mario
Hopefully it will be useful to someone else.