Damon Estep
2006-May-01 17:35 UTC
[Asterisk-Users] Using frequent keepalives to eliminate need forNAT port forwarding?
Qualify=yes will send a SIP OPTIONS periodically and keep the NAT open, if you use 1 to 1 NAT (versus PAT where it is "many to one NAT") it will work because port 5060 on the private address will still be port 5060 on the public address. With PAT the port could be anything over 1024, but usually much higher, and the originator will send to port 5060, which your NAT router will drop.> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users- > bounces@lists.digium.com] On Behalf Of Tom Engleward > Sent: Monday, May 01, 2006 6:25 PM > To: asterisk-users@lists.digium.com > Subject: [Asterisk-Users] Using frequent keepalives to eliminate need > forNAT port forwarding? > > I have an asterisk system behind NAT, and need to > connect to public PSTN originators via SIP or IAX2, > but don't have the option of forwarding any ports > (4569, 5060, etc) to the asterisk system. However, the > NAT system does properly establish transient UDP > forwarding on the basis of outgoing connections, so is > it possible to configure asterisk to send frequent > keepalive UDP packets (say every 30 seconds) from > ports 4569 and 5060 to the PSTN originators in order > to keep the NAT system's transient forwarding in > effect, so that when the PSTN originator receives > inbound calls and attempts to contact my asterisk > system, the NAT system won't drop the packets? > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > Asterisk-Users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users
Tom Engleward
2006-May-02 06:47 UTC
Using qualify=yes guarantees failure on iax2 behind NAT (was: RE: [Asterisk-Users] Using frequent keepalives to eliminate need forNAT port forwarding?)
--- Damon Estep <damon@suburbanbroadband.net> wrote:> Qualify=yes will send a SIP OPTIONS periodically and > keep the NAT open, > if you use 1 to 1 NAT (versus PAT where it is "many > to one NAT") it will > work because port 5060 on the private address will > still be port 5060 on > the public address.Tried that, and it just turned an intermittent failure into a permanent failure. I added: qualify=yes qualifyfreqnotok=15000 qualifyfreqok=20000 qualifysmoothing=yes to the peer details for the iax trunk in asterisk@home and hit the big red "reload" line at the top. Then "iax2 show peers" on the console showed under status that the peer was indeed being monitored and was ok and had a ping of about 100ms, and "iax2 debug" showed all the keepalive messages every 20 seconds, as intended. And calling to my assigned DID using my PSTN provider's own outbound termination (so that the call was both outbound and inbound on my iax2 trunk), the call worked as usual. But calling from an external phone (so that my iax2 trunk would see only the inbound connection), my asterisk system failed to ever answer at all, and "iax2 debug" showed no indication that it ever even noticed any incoming call. So I deleted those four "qualify" lines and hit asterisk@home's big red "reload", yet "iax2 show peers" STILL showed the peer being monitored! And asterisk still refused to answer external incoming calls. So I did "restart gracefully" and asterisk finally actually honored my deletion of the "qualify" lines ("sip show peers" now once again shows status as "Unmonitored", as before), and once again asterisk notices and answers incoming calls placed not only from my PSTN provider's own termination but also from external phones... though of course it's probably going to start failing intermittently again, as usual. So now I have a new question (besides my original, about how to ensure that asterisk _always_ answers the phone): why would enabling "qualify" cause an immediate and consistent failure to ever answer incoming external phone calls? __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com