rgm at htt-consult.com Guest
|
Posted: Fri Jan 11, 2008 11:04 am Post subject: [asterisk-users] More detalis: Re: SIP URI question and NAT |
|
|
OK. I will continue this thread. I have learned a lot through a lot of
tcpdumps. So I am top posting so new understanding does not get hidden.
Senario:
Asterisk publicly addressed behind a firewall. Two different firewalls
available: Linksys WRT54G running sveasoft and Centos using Netfilter
configured with Shorewall. Both firewalls have the same IP addresses,
switching them is a matter of switching cables. With Linksys, I have
turned NAT off, but still needed to define the *box as the dmzbox.
Problem:
inbound calls work with Linksys not with Netfilter (no voice).
Observation 1:
With Linksys, the INVITE for inbound calls have redirect information.
The RTP flow goes to the different Broadvoice server. With Netfilter,
the INVITE lacks this additional information. The RTP flow goes to the
Broadvoice server * is registered to, and that box replys with an ICMP
port not available.
Observation 2:
The REGISTER coming from * has Contact: Phone#@foo.com. Linksys alters
this to Phone#@foo.com:5060. In fact it alters many SDP values to add
the port number (this was determined by tcpdumps on both sides of the
Linksys box). Of course the Netfilers box does NOT mangle. Further
looking at the INVITEs, this port number information seems to be important.
Conclusion:
Broadvoice is NOT acting properly with only Phone#@foo.com, it needs
Phone#@foo.com:5060.
Next step:
How do I get * to directly include the port number? I tried nat=yes,
but this did not make a difference.
Johansson Olle E wrote:
Quote: | 10 jan 2008 kl. 15.24 skrev Robert Moskowitz:
Quote: | I am seeing slight differences in URIs.
In the case where things work, the URI is user at sip.foo.com where it
does not work is user at sip.foo.com:5060
In the first case I suspect that Asterisk did something, perhaps at
startup, where it 'decided' it was behind a firewall, so let the
firewall do the port mapping.
In the second case I suspect whatever Asterisk was doing at startup
indicated it was wide open so it supplies the 5060 port number.
Is Asterisk doing any discovery at startup?
| First, don't start a new mail in an old thread. Thanks.
Your mail doesn't have enough information on what goes wrong and where,
so there is little I can say to help you. There's no information about
how
you are using the SIP uri in Asterisk.
In general, if there's a port number attached to the domain part in a
URI,
this indicates that the domain name is actually a host and that a SIP
device should
*not* lookup any SRV records.
/O
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
|
|
|