Asterisk behind NAT for DUMMiES
Posted by LiNTEKMay 1
I have been searching the web for an asterisk behind NAT configuration but couldn’t find a short but definite example so I decided to create a working example configuration of asterisk behind NAT. So if you guys are currently having problems configuring your asterisk behind NAT, please feel free to use my example below:
Put the following in your rc.local:
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -t nat -A POSTROUTING -o eth0 -j SNAT –to your.public.ip.here
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p udp –dport 10000:20000 -j DNAT –to-destination 192.168.30.1
iptables -t nat -A PREROUTING -p udp –dport 5060 -j DNAT –to-destination 192.168.30.1
iptables -A FORWARD -p udp -s 192.168.30.1 -j ACCEPT
iptables -A FORWARD -p udp –dport 10000:20000 -d 192.168.30.1 -j ACCEPT
iptables -A FORWARD -p udp –dport 5060 -d 192.168.30.1 -j ACCEPT
your sip.conf should be:
[general]
context=default
port = 5060
bindaddr = 0.0.0.0
context = default
externip = your.public.ip.here
nat=yes
localnet=192.168.30.0/255.255.255.0
canreinvite=no
Sample gateway-to-gateway SIP config for sip.conf:
[toyoursipprovider]
type=friend
host= sip.provider.gateway.ip
canreinvite=no
disallow=all
allow=g729
allow=ulaw
dtmfmode=rfc2833
ENJOY!
very good post.
Thank you!