Sorry for my previous post I misunderstood the problem. You should set canreinvite=no to all sip peers that connect from outside.
On 10/31/06, C F <[EMAIL PROTECTED]> wrote:
Seems to me that you have a routing problem, asterisk should not know how to send packets to an outside IP using the NATed network. Make sure that the internal (NAT) interface doesn't have a gateway to it. On 10/31/06, Brad Templeton <[EMAIL PROTECTED]> wrote: > > I've read a lot of the descriptions of handling NAT with Asterisk, > and the use of both the nat and canreinvite flags. I am very > familiar with Sip and NAT but have not seen an answer to the following > question. > > > My Asterisk server runs on a machine with two ethernets. One is > an external net, with exposed IP addresses. The other is an internal > net with natted IP addresses. Thus the server has two addresses. > > The server is _not_ the NAT gateway. That's a linksys box which has > its own external IP to gateway traffic from the internal natwork. > > The phones are on the internal NATwork. Asterisk talks to them over > it. Outside peers, such as SIP termination providers etc. talk > to the Asterisk server via its outside address, which is as you > would expect. > > However, from time to time I get the famous one-way audio because > Asterisk has decided to do a native bridge between a natted SIP > phone and an external SIP peer. It sends the internal IP of > the SIP phone in the SDP and of course the outside service can't > send packets to that. > > I could just turn off reinvites on the internal phones, but this > would cause them to route all traffic through the asterisk box, > even on internal calls between phones on the same ethernet, which > seems foolish to me. I don't want to turn off reinvites to the > external peers -- if a call comes in from a SIP originator for example, > and is send back out to a SIP terminator (call forwarding) I want > a native bridge for sure. (Handling the internal traffic is not > so much of a burden though sometimes I hear latency because of it, but > routing external traffic through the asterisk box is a bad thing.) > > So what I want is for Asterisk to use native bridges when connecting > two channels behind the NAT, or two channels on the real internet, but > not to do so when connecting an internal and external channel. > > It should be able to see the IP addresses, and know the difference between > natted and external ones and know they can't talk to one another. > (The ICE protocol would handle this someday.) > > Is IAX smarter about this? > > Of course I might even want to get smarter about this. Is it possible, > typically by configuring stun in the phones, to have them be aware of their > external IP and tell Asterisk about it? With a full cone NAT, it would > work to do a native bridge between the internal and external devices > so long as the external device is given the right address and port of > the NAT box, not the internal address of the phone. However, we don't > want to do this on internal to internal calls -- many NATs can't hairpin. > > > I would think this would be a common situation (though perhaps more > commonly the asterisk server IS the firewall/NAT.) Is there a > solution that does the right thing most of the time? > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
_______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
