On 09/09/2013 07:48 PM, Eric Wieling wrote:
Try this as an example of why it doesn't matter.
1) On windows open a cmd prompt or on linux open up a local terminal.
2) open a web browser and connect to a web site like cnn.com
3) on windows type "netstat -n" in the command prompt, in linux type netstat -n
--ip
For example on my system, the local IP is 172.17.3.111. Notice below how the
port on my local system is NOT 80, even though the port on the remote system
is? This is simply how TCP and UDP work. When you are looking at your iax
peers you are seeing the REMOTE IP and REMOTE port, which seldom matters. It
is the port on the client you are connecting TO which matters, not the port
which you are connecting FROM. TCP and UDP do not allow more than one
connection using the same source IP/source port/destination IP/destination port
(called a tuple). For most things the source port does not matter so the
operating system assigns whatever source port it wants to. NAT routers will
often change the source port when the connection is NAT'd. These are
fundamental IP networking concepts whi
ch all people doing VoIP should know, but most don't. I'm sure there are
many books on TCP/IP networking which explain it better than I have explained
it.
Active Connections
Proto Local Address Foreign Address State
TCP 172.17.3.111:22020 157.166.226.25:80 ESTABLISHED
TCP 172.17.3.111:22021 157.166.249.10:80 ESTABLISHED
TCP 172.17.3.111:22022 23.63.227.185:80 ESTABLISHED
TCP 172.17.3.111:22023 23.63.227.185:80 ESTABLISHED
TCP 172.17.3.111:22024 23.63.227.185:80 ESTABLISHED
TCP 172.17.3.111:22025 23.63.227.185:80 ESTABLISHED
TCP 172.17.3.111:22026 23.63.227.185:80 ESTABLISHED
TCP 172.17.3.111:22027 23.203.4.211:80 ESTABLISHED
TCP 172.17.3.111:22028 23.63.227.185:80 ESTABLISHED
TCP 172.17.3.111:22029 4.27.18.126:80 ESTABLISHED
TCP 172.17.3.111:22030 4.27.18.126:80 ESTABLISHED
TCP 172.17.3.111:22031 4.27.18.126:80 ESTABLISHED
TCP 172.17.3.111:22032 4.27.18.126:80 ESTABLISHED
TCP 172.17.3.111:22033 4.27.18.126:80 ESTABLISHED
TCP 172.17.3.111:22034 4.27.18.126:80 ESTABLISHED
TCP 172.17.3.111:22035 74.217.240.83:80 ESTABLISHED
TCP 172.17.3.111:22036 23.63.227.123:80 ESTABLISHED
TCP 172.17.3.111:22037 12.130.81.225:80 ESTABLISHED
TCP 172.17.3.111:22038 4.26.252.126:80 ESTABLISHED
TCP 172.17.3.111:22039 4.26.252.126:80 ESTABLISHED
TCP 172.17.3.111:22040 4.26.252.126:80 ESTABLISHED
TCP 172.17.3.111:22041 4.26.252.126:80 ESTABLISHED
TCP 172.17.3.111:22042 4.26.252.126:80 ESTABLISHED
TCP 172.17.3.111:22043 4.26.252.126:80 ESTABLISHED
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Sean Darcy
Sent: Monday, September 09, 2013 7:00 PM
To: [email protected]
Subject: Re: [asterisk-users] iax2: two users can't authenticate from same ip
address
On 09/09/2013 03:37 PM, Eric Wieling wrote:
Again, that port is assigned by your NAT router. Asterisk cannot control the
source port if the incoming packet. That is set by your NAT router and client
and likely has nothing to do with your problem.
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Sean
Darcy
Sent: Monday, September 09, 2013 3:30 PM
To: [email protected]
Subject: Re: [asterisk-users] iax2: two users can't authenticate from
same ip address
Dial("IAX2/home-14358", "IAX2/gn") in new stack
-- Called IAX2/gn
CLI> iax2 show peers
Name/Username Host Mask Port
Status Description
gn <gnipaddr> (D) 255.255.255.255 9007 OK
(179 ms)
............
[Sep 9 19:11:36] WARNING[530]: chan_iax2.c:3552 __attempt_transmit: Max retries
exceeded to host <gnipaddr> on IAX2/gn-11311 (type = 6, subclass = 11,
ts=10018, seqno=1)
-- Hungup 'IAX2/gn-11311'
Again, what's with this port 9007? Is asterisk assigning it? I thought all iax
traffic went over 4569.
Of course, this could be a zoiper problem.
sean
But the problem is it's not MY nat router; it's amazon's. And if you only have only have
one iax device registered, it's always 4569, So why does amazon assign a different port
to the second iax device? How would it even "know"?
sean
Well, I may be confused, but iax show peers is showing the remote port,
the port it will connect TO, right?
netstat doesn't show the asterisk connections at all, just the STUN server:
netstat -nu --ip
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State
udp 0 0 <myipaddr>:60766 66.228.45.110:3478 ESTABLISHED
If the server sends out packets to port 9007 the client won't see it.
The client (zoiper) must send to 4569, and if it didn't the amazon
Security Group would drop it. I get NAT port translation, but I don't
see how that applies here.
Maybe a different question would be helpful. Let's assume no NAT; the
server is directly connected with an FQDN. Two iax devices register.
Does asterisk assign them different ports?
sean
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
