I'm brazilian, so, sorry if my english is quite bad. I hope you can understand and help me. So, let's go.
For a ling time, I'm trying (but not successfuly) to fix a situation in my voip infraetructure.
I need to provide a voip server behind a firewall which do the NAT to server into my LAN and I've found a specific problem with SIP protocol and the NAT.
Into the LAN everything works fine. Outside my network (from the internet) I can see the server, connect and register correctly, but can't receive calls.
I can perfectly start and do calls to anywhare, **FROM** registred client, without any problems. But, if a try receive calls on client (calling **TO** the registred client from the server), it doesn't work. In this case, the caller still hearing the call ton, even after the otherside had answered. In the remote side, when you answer, phone stay mute.
I've searched for the causes/solution for a long time, without success. It seems to me that is a kind limitation between SIP protocol and the NAT (Am I correct?).
To fix, I've tried update the firewall/NAT machine, upgrading the kernel version (from 2.6.18 to 2.6.25) and the iptables version (from 1.3.6 to 126.96.36.199) to use nf_nat_sip and nf_conntrack_sip modules, which I've had read that can solve the problem (and didn't).
I also try connect the remote client directly from a PPoE connection (instead of a NAT connection tipicaly provided by the ADSL modems). I did that setting up my ADSL modem to the "bridge" mode and setting the PPoE connection directly in the ATA device. In both situations, my problem didn't fixed.
It seems to me that the asterisk have an option to workaround this kind situation, but here I have other problem: I'm not using the asterisk on server side, but a gateway product called HG 1500 by Siemens, used to provided a voip integration with PABX devices of their Hi-Path family.
On client side I'm using a Linksys ATA, model SPA2102.
The valid public IP is in the firewall, that is translated to the private address (on LAN) by iptables NAT SNAT/DNAT target. The rules which do this are:
iptables -t nat -A PREROUTING -p udp -i $IF_NET -d $IP_EXT -j DNAT --to $IP_INT
iptables -t nat -A POSTROUTING -p udp -o $IF_NET -s $IP_INT -j SNAT --to $IP_EXT
iptables -A FORWARD -p udp -d $IP_EXT -j ACCEPT
iptables -A FORWARD -p udp -d $IP_INT -j ACCEPT
There are no any other restriction to this traffic.
Can anyone help me with a way to fix this situation?
Thanks for all and, again, sorry if my english was so poor.
PS: By mistake, I've posted this case in "discussion" area. I'm sorry for this.