On 13:52, Tue 18 Dec 07, Chris Tracy wrote: > All, > Below is the reason for my asking, for the curious: > > Currently, asterisk uses port 4569 as both the source and > destination port for all its outbound connections. This is generally > fine, but I find myself in a very frustrating NAT issue as a result of > iaxclient also defaulting to using 4569 for both source and destination > ports. We run several sites around the world, all using ENUM to place > calls between sites. Thus, none of the sites register with each other. > Thus, until a call is made, there is no connection between site A and site > B, and thus no NAT entries in the router at site B for site A. > > Normally, this is fine. A call is placed from A to B and the > packets come into the router at B and get NATed properly: > > A.ext:4569 - B.ext:4569 -> A.ext:4569 - B.int.asterisk:4569 > > The trouble though, comes when someone who normally works at site > A vists site B, but has their IAX softphone (zoiper) set to register back > to site A. By default, this softphone, like asterisk, uses 4569 for both > the source and destination port. Thus, if there is no call between site A > and site B and a softphone registers back to site A, a NAT mapping gets > created that looks like: > > A.ext:4569 - B.ext:4569 -> A.ext:4569 - B.int.softphone:4569 > > Now, for the life of this NAT entry, if someone at site A dials > site B, their call will be routed to the "lucky" softphone that got this > entry, and not to the asterisk server at site B. Of course, calls out > from site B to site A still work properly, since the NAT device just > changes the port number on the fly since 4569 already has a mapping: > > B.int.asterisk:4569 - A.ext:4569 -> B.ext:65535 - A.ext:4569 > > There are three options I see that would fix this: > > 1. Prevent the linux router at site B from giving the 4569/4569 conntrack > entry to a softphone. Would be great, but as far as I can tell, there's > no way to do this using a standard distribution kernel. (Hopefully I'm > wrong, but my research hasn't turned up anything at all useful in this > regard) > > 2. Reconfigure all softphones to use a port other than 4569 as their > source port. In theory this is possible, but a huge pain to find/change > every existing softphone, as well as to ensure that people don't > accidentally end up with the default config in the future causing the > same problem. > > 3. Reconfigure asterisk to use a port other than 4569 for its source port > on outbound connections. The number of asterisk servers relative to > softphones is small, and the asterisk servers are configured/controlled by > admins, not end users. Thus we could have some guarantee that this > solution couldn't be circumvented.
Why not let the softphones register to the closest asterisk box and use dundi to route the calls to the box where the softphone is registered ? We use this in a couple of setups with great success. Not with softphones, but with philips dect phones. -- Michiel van Baak [EMAIL PROTECTED] http://michiel.vanbaak.eu GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD "Why is it drug addicts and computer afficionados are both called users?" _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
