
I have a Linux Asterisk server that is behind a firewall. The firewall has three interfaces:

  • eth0 is the LAN, where Asterisk resides,
  • eth2 is the default gateway to the internet (via an ADSL modem / router),
  • eth3 is a secondary internet connection

If I leave things as is, Asterisk connects to the SIP trunk just fine. It will be routed via the default route through eth2. eth2 is MASQUERADED.

If I define a static route to my SIP provider via eth3 (ip route add sip.provider.ip via gateway.ip dev eth3), I can ping the SIP provider. Everything to and from my SIP provider is allowed by the firewall. But Asterisk will refuse to connect (peer becomes unreachable)...

I have used iptables TRACE to look at the packets, and they definitely get out via eth3. But I don't see any packet coming back. eth3 also has a MASQUERADE rule...

Removing the static route through eth3 restores the connectivity.

I'm looking for tips and hints to help troubleshoot the issue.

alci

1 Answer


I suspect your Asterisk server is configured to use UDP, which is connectionless, so the outgoing SIP request may contain the return IP address that the end user should use to connect back to you.

Check the externip setting in your SIP configuration files:

Also take a look at the following, which has lots of good stuff in it: http://www.asteriskguru.com/tutorials/sip_nat_oneway_or_no_audio_asterisk.html

Getting a network trace using Wireshark or tcpdump of both eth2 and eth3 will also shed more light on the issue.

Phil
  • I don't have externip set, but I have externaddr, and I cannot tell the difference... I will try with externip. – alci Jan 26 '13 at 14:23
  • It does not seem to make a difference... And going through the default gateway (eth2), it works without externip... So I will try to go deeper into the packets... or maybe use trace route... – alci Jan 27 '13 at 06:26
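
To go with the suggestion of capturing traffic on eth2 and eth3, here is an added example (not part of the original answer or comments): it parses a SIP request copied out of such a capture and lists the Via and Contact hosts that differ from the public address of the interface the packet left through. The sample message, the function names and all addresses are constructed placeholders.

```python
import re

# Constructed sample: a REGISTER as it might appear in a capture on eth3.
# All addresses are RFC 5737 documentation placeholders, not real hosts.
SAMPLE_REGISTER = (
    "REGISTER sip:sip.provider.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 198.51.100.10:5060;branch=z9hG4bK1a2b3c;rport\r\n"
    "From: <sip:alice@sip.provider.example>;tag=as1234\r\n"
    "To: <sip:alice@sip.provider.example>\r\n"
    "Call-ID: constructed-call-id@198.51.100.10\r\n"
    "CSeq: 102 REGISTER\r\n"
    "Contact: <sip:alice@198.51.100.10:5060>\r\n"
    "Content-Length: 0\r\n\r\n"
)
COMPACT = {"v": "via", "m": "contact"}   # SIP compact header forms
HOST = r"(\[[^\]]+\]|[^;:>\s,]+)"        # bracketed IPv6 or IPv4/hostname

def parse_headers(message):
    """Return (name, value) pairs, unfolding continuation lines."""
    head = message.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        if line[:1] in (" ", "\t") and headers:  # folded header continues
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers.append((COMPACT.get(name, name), value.strip()))
    return headers

def advertised_hosts(message):
    """Hosts the sender tells the far end to use in Via and Contact."""
    hosts = []
    for name, value in parse_headers(message):
        if name == "via":
            for hop in value.split(","):
                m = re.match(r"\s*SIP/2\.0/\w+\s+" + HOST, hop)
                if m:
                    hosts.append(("via", m.group(1)))
        elif name == "contact":
            for m in re.finditer(r"sips?:(?:[^@>\s;]+@)?" + HOST, value):
                hosts.append(("contact", m.group(1)))
    return hosts

def mismatches(message, egress_public_ip):
    """Advertised hosts that are not the egress interface's public IP."""
    return [(h, a) for h, a in advertised_hosts(message) if a != egress_public_ip]
```

Calling `mismatches(SAMPLE_REGISTER, "203.0.113.20")`, where the second argument stands for the public address behind eth3, returns both the Via and the Contact entry; an empty list means the message advertises the address it actually leaves from.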