[VoIP] SIP/firewall problem - the saga
John R. Covert
john_reads_cnet_via_archives at covert.org
Sun Nov 19 21:34:44 CST 2006
You will never see an end to problems attempting to do SIP connections
from outside a NAT router to an Asterisk box.
Unless an Asterisk box is ON a public IP address (i.e. the actual
interface _is_ the public address, with no NAT translation) you will
have constant problems with clients trying to register. You may be
able to get one client to work, and then others will stop working.
There really is no NAT solution.
If you intend to provide service to SIP clients you MUST be on the
public internet. It's fine to be behind a firewall, but it must
_not_ be doing any NAT translation of _either_ ports _or_ IP
addresses for the Asterisk box. That means your router must be
routing multiple IP addresses through to your internal network,
or your router must be your asterisk box.
To be a "service provider" (even for your own portable ATAs or
phones or softclients), you really want to make your Asterisk
box BE your firewall. Two NICs, one plugged directly into your
internet connection, the other one providing your inside service.
Nothing else will work reliably. Asterisk is simply not designed
to handle NAT well at all, except for a small number of cases of
outbound-only registrations.
/john
More information about the VoIP
mailing list