From: Kristian K. <kri...@gm...> - 2007-03-05 16:01:08
On 3/2/07, Lonnie Abelbeck <li...@lo...> wrote:
>
> On Mar 2, 2007, at 3:12 PM, Kristian Kielhofner wrote:
>
> > In this scenario, the NAT code in the Linux kernel will attempt to
> > use port 5060 on the external interface of the AstLinux machine. It
> > does this for three reasons:
> >
> > 1) 5060 is above 1023
> > 2) It defaults to using the same port that is used on the internal
> > side (if possible)
> > 3) It doesn't know that there is something listening on that port
> > locally.
>
> Kristian,
>
> I don't understand your #3.
> If you want your asterisk box to 'listen' on 5060, you have to port
> forward 5060 to your asterisk box (192.168.1.10)
>
> using "ipnat" on FreeBSD
> rdr sis1 0/0 port 5060 -> 192.168.1.10 port 5060 udp
>
> This would make port 5060 on the WAN interface unavailable, when a
> SIP phone registered out the WAN, correct?
>
> My instincts say your suggested changes are unnecessary,
>
> but then again, I use m0n0wall. <smile>
>
> Lonnie
>

Lonnie,

I think it is possible that you are misunderstanding me. Basically, if you use AstLinux in router mode and register a DIFFERENT SIP device behind it (nothing to do with Asterisk at all), you will block access to port 5060 because the Linux kernel will (by default) PAT using the same external port number as the device.

Not only is m0n0 FreeBSD based (I don't know what the PAT specifics are there), it doesn't run Asterisk so it doesn't have this problem.

--
Kristian Kielhofner
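A check for the condition described in this message, as an added example that is not part of the original thread: it scans `conntrack -L`-style UDP entries for source-NATed flows whose external port equals a port a local daemon listens on. The sample lines, the addresses (documentation ranges) and the function names are constructed; the set of local listener ports is assumed to be supplied by the caller, for example from `ss -lun`.

```python
import re

# Constructed sample in `conntrack -L -p udp` style; 198.51.100.2 plays the WAN address.
CONNTRACK = """\
udp      17 170 src=192.168.1.20 dst=203.0.113.5 sport=5060 dport=5060 src=203.0.113.5 dst=198.51.100.2 sport=5060 dport=5060 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.1.21 dst=203.0.113.9 sport=40000 dport=53 src=203.0.113.9 dst=198.51.100.2 sport=53 dport=40000 mark=0 use=1
udp      17 60 src=198.51.100.2 dst=203.0.113.7 sport=5060 dport=5060 [UNREPLIED] src=203.0.113.7 dst=198.51.100.2 sport=5060 dport=5060 mark=0 use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_flow(line):
    """Return (original, reply) tuples as dicts, or None if the line is incomplete."""
    kv = FIELD.findall(line)
    if len(kv) < 8:
        return None
    # The first four fields are the original direction, the next four the reply.
    return dict(kv[:4]), dict(kv[4:8])


def pat_collisions(conntrack_text, local_udp_ports):
    """List NATed flows whose external port is also a local listener port.

    Each hit is (internal_ip, internal_port, external_ip, external_port).
    """
    hits = []
    for line in conntrack_text.splitlines():
        if not line.startswith("udp"):
            continue
        flow = parse_flow(line)
        if flow is None:
            continue
        orig, reply = flow
        # Without source NAT the reply goes straight back to the original source.
        if reply["dst"] == orig["src"]:
            continue
        ext_port = int(reply["dport"])  # port chosen on the external interface
        if ext_port in local_udp_ports:
            hits.append((orig["src"], int(orig["sport"]), reply["dst"], ext_port))
    return hits


if __name__ == "__main__":
    # Assumption: a local SIP daemon is bound to UDP 5060 on the router itself.
    for hit in pat_collisions(CONNTRACK, {5060}):
        print("internal %s:%d is mapped to %s:%d, a local listener port" % hit)
```

The third sample line is the router's own outbound flow from port 5060; it is skipped because its reply tuple points back at the original source, so only the phone behind the NAT is reported.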