Hi Folks, I've just built myself a m0n0Wall based around a WRAP board and whilst it work really well for everything else I'm having some issues with Asterisk's NAT abilities. Here's my setup, A bunch of hardphones (various types) littered around the house. SPA-3000 handles the house POTS line which forwards to extention 2005. X-Ten Pro on my laptop for when I'm out and about. Grandstream BT-101 at my dad's house via our cable modems. Until replacing the Linksys with the m0n0Wall everything was working fine and dandy. I have externip=g7ltt.dyndns.org set in my sip.conf file. Without it I could not make my dad's phone work. With the m0n0Wall in place and the externip setting set I can make no calls internally but all the external phones work just fine. The reverse is true when I remove the externip setting; the internal phones work but the external ones don't. I've done some tracing with both firewalls and have noted the following; Linksys: externip set all SIP and IAX2 frames from * have my public address as the reply-to regardless of the NAT requirement of the phone in use. In other words it offers up the external address for internal calls. All data flows through the Linksys when addressed to the public IP address and is then forwarded back to the * server. m0n0Wall: externip set as above and the firewall drops the packets. externip not set and the * NAT doesn't work. I know that the m0n0Wall requires a rule to be added to make it work as before but what I don't understand is why is Asterisk forcing all calls to use its public IP address when externip is set? Surely this doubles network traffic; one packet goes to the router. another goes from the router to the internal host. Why doesn't go directly over the LAN for internal stuff? I had assumed that the addition of a nat=yes statement in the relevant phone stanza would turn on or off the NAT reqirement for that phone device but this doesn't seem to be the case. Any ideas would be greatly appreciated. Mark -- Mark, G7LTT/KC2ENI Randolph, NJ http://www.g7ltt.com
I am. Setup exactly as you describe, in a corporate environment. No problem whatsoever. Do you have port forwarding rules to your Asterisk server from the WAN interface specifically for 5060 UDP and RTP 10000-20000? Also Monowall 1.2 was flaky for me, I'm running 1.1 -----Original Message----- From: Mark Phillips [mailto:g7ltt@g7ltt.com] Sent: Thursday, December 22, 2005 5:48 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [Asterisk-Users] Anyone doing NAT through m0n0Wall? Hi Folks, I've just built myself a m0n0Wall based around a WRAP board and whilst it work really well for everything else I'm having some issues with Asterisk's NAT abilities. Here's my setup, A bunch of hardphones (various types) littered around the house. SPA-3000 handles the house POTS line which forwards to extention 2005. X-Ten Pro on my laptop for when I'm out and about. Grandstream BT-101 at my dad's house via our cable modems. Until replacing the Linksys with the m0n0Wall everything was working fine and dandy. I have externip=g7ltt.dyndns.org set in my sip.conf file. Without it I could not make my dad's phone work. With the m0n0Wall in place and the externip setting set I can make no calls internally but all the external phones work just fine. The reverse is true when I remove the externip setting; the internal phones work but the external ones don't. I've done some tracing with both firewalls and have noted the following; Linksys: externip set all SIP and IAX2 frames from * have my public address as the reply-to regardless of the NAT requirement of the phone in use. In other words it offers up the external address for internal calls. All data flows through the Linksys when addressed to the public IP address and is then forwarded back to the * server. m0n0Wall: externip set as above and the firewall drops the packets. externip not set and the * NAT doesn't work. I know that the m0n0Wall requires a rule to be added to make it work as before but what I don't understand is why is Asterisk forcing all calls to use its public IP address when externip is set? Surely this doubles network traffic; one packet goes to the router. another goes from the router to the internal host. Why doesn't go directly over the LAN for internal stuff? I had assumed that the addition of a nat=yes statement in the relevant phone stanza would turn on or off the NAT reqirement for that phone device but this doesn't seem to be the case. Any ideas would be greatly appreciated. Mark -- Mark, G7LTT/KC2ENI Randolph, NJ http://www.g7ltt.com _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Mark, we work on a few of NAT to NAT issues and resolved them by using the new version 1.2.1 and externhostNo sure how you got externip= to do FQN because we were not able to get it to work... "Please"..Can you let me know, how you got it to work? that way I can avoid upgrading couple of my clients in a production environments... TIA,,, Manny -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Mark Phillips Sent: Thursday, December 22, 2005 7:48 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [Asterisk-Users] Anyone doing NAT through m0n0Wall? Hi Folks, I've just built myself a m0n0Wall based around a WRAP board and whilst it work really well for everything else I'm having some issues with Asterisk's NAT abilities. Here's my setup, A bunch of hardphones (various types) littered around the house. SPA-3000 handles the house POTS line which forwards to extention 2005. X-Ten Pro on my laptop for when I'm out and about. Grandstream BT-101 at my dad's house via our cable modems. Until replacing the Linksys with the m0n0Wall everything was working fine and dandy. I have externip=g7ltt.dyndns.org set in my sip.conf file. Without it I could not make my dad's phone work. With the m0n0Wall in place and the externip setting set I can make no calls internally but all the external phones work just fine. The reverse is true when I remove the externip setting; the internal phones work but the external ones don't. I've done some tracing with both firewalls and have noted the following; Linksys: externip set all SIP and IAX2 frames from * have my public address as the reply-to regardless of the NAT requirement of the phone in use. In other words it offers up the external address for internal calls. All data flows through the Linksys when addressed to the public IP address and is then forwarded back to the * server. m0n0Wall: externip set as above and the firewall drops the packets. externip not set and the * NAT doesn't work. I know that the m0n0Wall requires a rule to be added to make it work as before but what I don't understand is why is Asterisk forcing all calls to use its public IP address when externip is set? Surely this doubles network traffic; one packet goes to the router. another goes from the router to the internal host. Why doesn't go directly over the LAN for internal stuff? I had assumed that the addition of a nat=yes statement in the relevant phone stanza would turn on or off the NAT reqirement for that phone device but this doesn't seem to be the case. Any ideas would be greatly appreciated. Mark