VoIP Server behind NAT - SIP problems

Joined: Sun 13 of Sep, 2009

Re: VoIP Server behind NAT - SIP problems

Posted:Sun 13 of Sep, 2009 (22:14 UTC)
Try configuring all devices to use the assistance of STUN servers, which facilitate the traversal of NATs.
STUN servers typically use ports 3478 and 3479.
A couple STUN servers to try are:

Joined: Wed 01 of Apr, 2009

Re: VoIP Server behind NAT - SIP problems

Posted:Wed 01 of Apr, 2009 (19:42 UTC)
this is typically a problem due to a firewall that blocks RTP and RTCP ports.
In fact, SIP walk through your NAT and your firewall. During SIP negociations, port numbers are choosen on which the audio stream will be transmitted using RTP (Real Time Protocol) and RTCP (Real Time Control Protocol). Your firewall blocks such ports. The problem is that such ports are dynamic, they are not always the same at each connection.
Did you ever tried to switch off your firewall just for tests ?
Joined: Fri 13 of Mar, 2009

VoIP Server behind NAT - SIP problems

Posted:Fri 13 of Mar, 2009 (12:48 UTC)
Hi everybody...

I'm brazilian, so, sorry if my english is quite bad. I hope you can understand and help me. So, let's go.

For a ling time, I'm trying (but not successfuly) to fix a situation in my voip infraetructure.

I need to provide a voip server behind a firewall which do the NAT to server into my LAN and I've found a specific problem with SIP protocol and the NAT.

Into the LAN everything works fine. Outside my network (from the internet) I can see the server, connect and register correctly, but can't receive calls.

I can perfectly start and do calls to anywhare, **FROM** registred client, without any problems. But, if a try receive calls on client (calling **TO** the registred client from the server), it doesn't work. In this case, the caller still hearing the call ton, even after the otherside had answered. In the remote side, when you answer, phone stay mute.

I've searched for the causes/solution for a long time, without success. It seems to me that is a kind limitation between SIP protocol and the NAT (Am I correct?).

To fix, I've tried update the firewall/NAT machine, upgrading the kernel version (from 2.6.18 to 2.6.25) and the iptables version (from 1.3.6 to to use nf_nat_sip and nf_conntrack_sip modules, which I've had read that can solve the problem (and didn't).

I also try connect the remote client directly from a PPoE connection (instead of a NAT connection tipicaly provided by the ADSL modems). I did that setting up my ADSL modem to the "bridge" mode and setting the PPoE connection directly in the ATA device. In both situations, my problem didn't fixed.

It seems to me that the asterisk have an option to workaround this kind situation, but here I have other problem: I'm not using the asterisk on server side, but a gateway product called HG 1500 by Siemens, used to provided a voip integration with PABX devices of their Hi-Path family.

On client side I'm using a Linksys ATA, model SPA2102.

The valid public IP is in the firewall, that is translated to the private address (on LAN) by iptables NAT SNAT/DNAT target. The rules which do this are:

iptables -t nat -A PREROUTING -p udp -i $IF_NET -d $IP_EXT -j DNAT --to $IP_INT
iptables -t nat -A POSTROUTING -p udp -o $IF_NET -s $IP_INT -j SNAT --to $IP_EXT
iptables -A FORWARD -p udp -d $IP_EXT -j ACCEPT
iptables -A FORWARD -p udp -d $IP_INT -j ACCEPT

There are no any other restriction to this traffic.

Can anyone help me with a way to fix this situation?

Thanks for all and, again, sorry if my english was so poor.

PS: By mistake, I've posted this case in "discussion" area. I'm sorry for this.