asterisk users - May 2006 - Using frequent keepalives to eliminate need forNAT port forwarding?

Qualify=yes will send a SIP OPTIONS periodically and keep the NAT open,
if you use 1 to 1 NAT (versus PAT where it is "many to one NAT") it
will
work because port 5060 on the private address will still be port 5060 on
the public address.

With PAT the port could be anything over 1024, but usually much higher,
and the originator will send to port 5060, which your NAT router will
drop.

> -----Original Message-----
> From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-
> bounces@lists.digium.com] On Behalf Of Tom Engleward
> Sent: Monday, May 01, 2006 6:25 PM
> To: asterisk-users@lists.digium.com
> Subject: [Asterisk-Users] Using frequent keepalives to eliminate need
> forNAT port forwarding?
> 
> I have an asterisk system behind NAT, and need to
> connect to public PSTN originators via SIP or IAX2,
> but don't have the option of forwarding any ports
> (4569, 5060, etc) to the asterisk system. However, the
> NAT system does properly establish transient UDP
> forwarding on the basis of outgoing connections, so is
> it possible to configure asterisk to send frequent
> keepalive UDP packets (say every 30 seconds) from
> ports 4569 and 5060 to the PSTN originators in order
> to keep the NAT system's transient forwarding in
> effect, so that when the PSTN originator receives
> inbound calls and attempts to contact my asterisk
> system, the NAT system won't drop the packets?
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
> 
> Asterisk-Users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users

--- Damon Estep <damon@suburbanbroadband.net>
wrote:
> Qualify=yes will send a SIP OPTIONS periodically and
> keep the NAT open,
> if you use 1 to 1 NAT (versus PAT where it is "many
> to one NAT") it will
> work because port 5060 on the private address will
> still be port 5060 on
> the public address.
Tried that, and it just turned an intermittent failure
into a permanent failure. I added:
qualify=yes
qualifyfreqnotok=15000
qualifyfreqok=20000
qualifysmoothing=yes
to the peer details for the iax trunk in asterisk@home
and hit the big red "reload" line at the top. Then
"iax2 show peers" on the console showed under status
that the peer was indeed being monitored and was ok
and had a ping of about 100ms, and "iax2 debug" showed
all the keepalive messages every 20 seconds, as
intended. And calling to my assigned DID using my PSTN
provider's own outbound termination (so that the call
was both outbound and inbound on my iax2 trunk), the
call worked as usual. But calling from an external
phone (so that my iax2 trunk would see only the
inbound connection), my asterisk system failed to ever
answer at all, and "iax2 debug" showed no indication
that it ever even noticed any incoming call.
So I deleted those four "qualify" lines and hit
asterisk@home's big red "reload", yet "iax2 show
peers" STILL showed the peer being monitored! And
asterisk still refused to answer external incoming
calls.
So I did "restart gracefully" and asterisk finally
actually honored my deletion of the "qualify" lines
("sip show peers" now once again shows status as
"Unmonitored", as before), and once again asterisk
notices and answers incoming calls placed not only
from my PSTN provider's own termination but also from
external phones... though of course it's probably
going to start failing intermittently again, as usual.

So now I have a new question (besides my original,
about how to ensure that asterisk _always_ answers the
phone): why would enabling "qualify" cause an
immediate and consistent failure to ever answer
incoming external phone calls?


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com