Hi We are currently using Asterisk 1.2.4 with IAX and app_meetme for conferencing, but are looking to move to SIP because of issues with an IAX control we're using. The reason we moved from SIP to IAX in the first place was because of the poor NAT traversal with SIP. At that stage we were using Asterisk 1.0.*. How does Asterisk 1.2.4 handle NAT traversal and firewalls compared to the older Asterisk? Have there been improvements? Or is SIP (obviously depending on what client you use) still poor when it comes to NAT traversal and firewalling? Many thanks Hagen
Hi Hagen, It's not exactly a pleasure to run SIP through firewalls but it can be done. At least in under some circumstances. I have successfull run an Asterisk server from behind a NAT router and run a SIP trunk to the SIP VoIP provider. The problems tend to arise when multiple SIP devices wants to communicate through the NAT router. My conclusion was that all my SIP devices should be connected to the Asterisk box (ip-pbx) and that connected to the provider. To make this work I: 1. Set up port forwarding from the NAT router to the asterisk box of the relevant ports: UDP: 5004-5082 UDP: 10000-20000 2. Adjusted lan paramers in SIP.conf: externip = 212.xxx.xxx.xxx (I don't want your calls guys) localnet=192.168.0.0/255.255.255.0 3. Set up SIP account for VoIP provider in sip.conf . For good measure I put nat=yes in this account but I don't think it's required. 4. Make sure your SIP VoIP provider can handle NAT. 5. Extensions from outside the NAT router also works fine with this setup. Perhaps you need to set nat=yes in these extensions as well. In this configuration things are not to terrible to get going. Good luck. Cheers, John>>> hagen@intellinc.co.za 02/15/06 11:42 am >>>Hi We are currently using Asterisk 1.2.4 with IAX and app_meetme for conferencing, but are looking to move to SIP because of issues with an IAX control we're using. The reason we moved from SIP to IAX in the first place was because of the poor NAT traversal with SIP. At that stage we were using Asterisk 1.0.*. How does Asterisk 1.2.4 handle NAT traversal and firewalls compared to the older Asterisk? Have there been improvements? Or is SIP (obviously depending on what client you use) still poor when it comes to NAT traversal and firewalling? Many thanks Hagen _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
On Wednesday, February 15, 2006 1:59 PM John Jensen wrote:> Hi Hagen, > It's not exactly a pleasure to run SIP through firewalls but it can > be done. > At least in under some circumstances.If you use a decent Firewall it will analyze and interpret the SIP Headers etc. and open the correct ports for you. Only NAT trouble left then. Again... A decent Firewall will help! Regards, JP -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3104 bytes Desc: not available Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20060215/3aa965c8/smime.bin
Well, netfilter is a decent firewall :). Give the sip-conntrack helper a try, and then please tell me what u found. see: www.iptel.org/sipalg for help. Cheers. Mensaje citado por: \"Koopmann, Jan-Peter\" <Jan-Peter.Koopmann@seceidos.de>:> On Wednesday, February 15, 2006 1:59 PM John Jensen wrote: > > > Hi Hagen, > > It\'s not exactly a pleasure to run SIP through firewalls but it can > > be done. > > At least in under some circumstances. > > If you use a decent Firewall it will analyze and interpret the SIP Headers > etc. and open the correct ports for you. Only NAT trouble left then. > Again... A decent Firewall will help! > > Regards, > JP >__________________________________ Registrate desde http://servicios.arnet.com.ar/registracion/registracion.asp?origenid=9 y participá de todos los beneficios del Portal Arnet.
Well, netfilter is a decent firewall :). Give the sip-conntrack helper a try, and then please tell me what u found. see: www.iptel.org/sipalg for help. Cheers. Mensaje citado por: \\\"Koopmann, Jan-Peter\\\" <Jan-Peter.Koopmann@seceidos.de>:> On Wednesday, February 15, 2006 1:59 PM John Jensen wrote: > > > Hi Hagen, > > It\\\'s not exactly a pleasure to run SIP through firewalls but it can > > be done. > > At least in under some circumstances. > > If you use a decent Firewall it will analyze and interpret the SIP Headers > etc. and open the correct ports for you. Only NAT trouble left then. > Again... A decent Firewall will help! > > Regards, > JP >__________________________________ Registrate desde http://servicios.arnet.com.ar/registracion/registracion.asp?origenid=9 y participá de todos los beneficios del Portal Arnet. __________________________________ Registrate desde http://servicios.arnet.com.ar/registracion/registracion.asp?origenid=9 y participá de todos los beneficios del Portal Arnet.