Saturday, February 23, 2008

Getting Asterisk to work behind a firewall

One of the main things you will need for the LOTS architecture is to get Asterisk working behind a firewall. Asterisk doesn't support STUN; instead it relies on firewall pinholes and tweaked firewall policies. Here is what you need to do:

1) Set externip in sip.conf to the firewall's external IP address. Asterisk uses this address in all signaling messages directed outside the firewall. E.g. externip=123.123.123.123

2) Set the localnet variable to indicate your private network. This is perhaps the most important step, since it tells Asterisk which addresses are private, and therefore which are public from a NAT perspective. If you don't specify this, Asterisk will not apply the externip and will assume every address is private, so things may not work as you expect. E.g. localnet=192.168.0.0/255.255.255.0

3) In the firewall, open pinholes that redirect to Asterisk all traffic arriving on the firewall's IP address for the port range between rtpstart and rtpend, as defined in rtp.conf.
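A pre-flight check for the three steps above, as an added example that is not part of the original post: it reads sip.conf and rtp.conf text, confirms externip and localnet are set and consistent with each other, and returns the exact port range the firewall pinhole has to cover. The sample file contents, the 10000-20000 range and the parse_section and audit names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample files; every address and port below is an example value.
SIP_CONF = """[general]
externip=123.123.123.123   ; firewall's external address
localnet=192.168.0.0/255.255.255.0
"""
RTP_CONF = """[general]
rtpstart=10000
rtpend=20000
"""

def parse_section(text, section="general"):
    """Return {key: [values]} for one section of an Asterisk-style .conf file."""
    current, found = None, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")]
        elif "=" in line and current == section:
            key, value = line.split("=", 1)      # also copes with 'key => value'
            found.setdefault(key.strip().lower(), []).append(value.lstrip("> ").strip())
    return found

def audit(sip_text, rtp_text):
    """Check steps 1-3; return (problems, (rtpstart, rtpend) or None)."""
    sip, rtp = parse_section(sip_text), parse_section(rtp_text)
    problems, nets = [], []
    for value in sip.get("localnet", []):
        try:
            nets.append(ipaddress.ip_network(value, strict=False))
        except ValueError:
            problems.append(f"localnet {value!r} is not a valid network")
    if not sip.get("localnet"):
        problems.append("localnet is not set")
    try:
        ext = ipaddress.ip_address(sip["externip"][-1])
        if any(ext in net for net in nets):
            problems.append("externip falls inside a localnet range")
    except (KeyError, ValueError):
        problems.append("externip is missing or not a literal IP address")
    try:
        lo, hi = int(rtp["rtpstart"][-1]), int(rtp["rtpend"][-1])
    except (KeyError, ValueError):
        return problems + ["rtpstart/rtpend missing from rtp.conf"], None
    if not 1024 <= lo <= hi <= 65535:
        problems.append(f"invalid RTP range {lo}-{hi}")
    return problems, (lo, hi)
```

Forward only the returned range to the Asterisk host; a pinhole wider than rtpstart to rtpend exposes ports Asterisk never uses for media.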

For more general info, you can look at this link but it may have more than what you are looking for, so stay focused :).