
[LUG] SIP & NAT [Re: OT - SIP providers?]

 

On Wed, 7 Oct 2009, Rob Beard wrote:

> Gordon Henderson wrote:
>
>> You can do direct SIP to SIP calls without using the PSTN - but like Skype, the other end needs something compatible. (And NAT is going to stop it working anyway)
>
> So I guess if you have ADSL then you'd need a router which could do bridging or something along those lines so the Asterisk box is potentially getting the internet IP address?
>
> Would setting up the Asterisk machine as a DMZ machine (so everything by default goes to it) work?

SIP works very well with no NAT involved. With NAT things become much more complicated, alas.

Part of the issue is that a SIP endpoint will encode its own IP address inside the data portion of the packet. This is picked up by the other end and used to pass the audio data back. So I'm behind a NAT router, internal IP of my desk phone is 192.168.254.100 and that's what the phone puts inside the data packet as its own IP address - the remote SIP server then uses that to send audio data back to... and of course fails as it can't be routed.

Also remember the audio data is passed on different ports to the command data. The command is really what SIP is about, the audio is RTP (Real-time Transport Protocol) and carried on ports which are negotiated by the endpoints. A bit like FTP.

Now there are ways round this - tell the phone the external IP address, use a STUN server, use a router which does deep packet inspection and changes the SIP data packets (SIP ALG), use a SIP proxy server which does the same thing and so on.

Placing the PBX in the DMZ is possible, but then the phones may be on the inside and have to go through your own NAT firewall to access it...

And then how do you get data back to the phone if the SIP audio end-point is not the same IP address as the SIP server (which is allowed and does happen) - a NAT router may not allow a connection from a different IP address (one of their normal strong points). Worse still, if the SIP server is also behind a different NAT firewall - which will happen with a SIP PBX in the office and a remote phone at home...

So SIP and NAT are not the best of friends.

Fortunately it is relatively well understood and so the work-arounds are possible and mostly easy to implement, but get it wrong and you're in the land of one-way audio at the best of times and nothing at the worst.

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
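
An added example, not part of Gordon's message: a small Python check that pulls the addresses a SIP endpoint writes about itself (Via, Contact, SDP o= and c=) and flags the RFC 1918 ones that differ from the address the packet actually arrived from, which is the one-way-audio condition described above. The INVITE is constructed; pbx.example.com, 203.0.113.10 and the function names are assumptions for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
# Constructed sample: INVITE as the desk phone at 192.168.254.100 would send it.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:2000@pbx.example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.254.100:5060;branch=z9hG4bK776asdhds",
    "From: <sip:1000@pbx.example.com>;tag=1928301774",
    "To: <sip:2000@pbx.example.com>",
    "Call-ID: a84b4c76e66710@192.168.254.100",
    "CSeq: 1 INVITE",
    "Contact: <sip:1000@192.168.254.100:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 3724394400 3724394400 IN IP4 192.168.254.100",
    "s=call",
    "c=IN IP4 192.168.254.100",
    "t=0 0",
    "m=audio 16384 RTP/AVP 0 8",
])

def embedded_addresses(message):
    """Yield (field, address) for each address the endpoint states about itself."""
    head, _, body = message.partition("\r\n\r\n")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "contact"):
            yield from ((name.strip(), a) for a in IPV4.findall(value))
    for line in body.split("\r\n"):
        if line.startswith(("o=", "c=")):        # SDP origin and connection lines
            yield from (("SDP " + line[:2], a) for a in IPV4.findall(line))

def rtp_port(message):
    # The audio port is negotiated in SDP and is separate from the SIP port.
    m = re.search(r"^m=audio (\d+) ", message, re.M)
    return int(m.group(1)) if m else None

def is_rfc1918(addr):
    try:
        return any(ipaddress.ip_address(addr) in net for net in RFC1918)
    except ValueError:                           # e.g. 999.1.1.1 from the loose regex
        return False

def nat_problems(message, observed_src):
    """Private addresses in the payload that differ from the packet's real source."""
    return [(f, a) for f, a in embedded_addresses(message)
            if is_rfc1918(a) and a != observed_src]
```

Calling nat_problems(SAMPLE_INVITE, "203.0.113.10") models the far end seeing the router's public address on the packet while the payload still advertises the phone's internal one.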