On 18 Nov 2005, at 22:01, Piotr A. Sygula wrote:
If teliax ever wants to connect to your asterisk box, as in if they're
providing a DID for you, you will need to allow teliax through the
firewall.
If you're the one originating the connection to them, you don't
need to open
the ingress port.
I don't believe so. By registering with the remote server,
you are giving them the NAT port to get back into your
server with. All communications will take place on that
port.
Registration has nothing to do with NAT. The key here is which side
initiates the connection. Of course this is all under the
assumption that
Joseph's firewall is statefull.
Ah, but registration does have something to do with it.
Classic IAX re-registers often enough to keep a 'udp connection' (ugh)
open through most domestic stateful firewalls.
Put another way, Joseph's Asterisk is sending out UDP packets to
teliax every
300 seconds (say) (either to register or these days to 'qualify' the
link). The firewall
sees any inbound packets IAX from teliax as part of that conversation
and passes them
in to Asterisk.
This fails if both the re-registration and qualify period is longer
than the
time Joseph's firewall keeps the udp state.
As to how to debug the original problem, get the firewall to log
filtered packets and see if
any are from teliax. Also turn on IAX debugging and send us the
relevant logs.
Tim.
_______________________________________________
--Bandwidth and Colocation sponsored by Easynews.com --
Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
