Routers that do not show external IPs…

Home » Asterisk Users » Routers that do not show external IPs…
Asterisk Users 14 Comments

I have a customer that has a Trendnet TEW-435BRM router which has the
bad habit of rewriting all external connections so the Asterisk server
only sees the IP address of the router itself. Up to today this has not
been a problem since all extensions are on the local network but now
they want to have a couple external IP phones (SIP).

I opened up the ports on the router and my phone can register. The
problem is that I have no audio because Asterisk thinks that the phone
is on the internal network and does not use the NAT and externip
settings. How do you deal with this kind of router so you can have
external phones?

14 thoughts on - Routers that do not show external IPs…

  • Typically that is an option you can turn off. It is meant to help with SIP
    translations and such through the router, but as you’re finding out, they
    typically just get in the way.

    Check through the web interface/configuration and see if there is anything about
    VoIP or SIP support in the router, and disable it.

    Leif.

  • By replacing the crappy router with a decent one. An other good reason
    for replacement would be the lack of WPA AES on it. Yet another reason
    to replace it is that your labour costs are probably higher than this
    90$ router.

    But what ports did you open? Only sip or also the RTP ports?

  • I opened SIP and RTP, after that I put the server on the DMZ but I
    still get no audio on the external phone.

    My problem is that we do not administer the customers network and the
    just bought their brand new “super” router.

  • If it wouldn’t do that then your phone wouldn’t be able to connect to
    the internet as the private IP it has is non routeable.

  • use dyndns in your router
    and put the domain name in externhost
    and by sure to configure your localnetwork in sip.conf

  • You are missing the point completely. Maybe I did not explain myself
    clearly. The problem is that when you connect to the server from
    outside the network (Internet), Asterisk does not see the IP address of
    the device, it thinks the device is connecting from the IP address of
    the router itself (192.168.X.X). This means that even if you have
    externip, nat=yes and localnet configured properly, Asterisk will think
    that the phone is on the internal network (because of localnet) and will
    NOT use the external IP address to communicate with the external phone.

    This is not a problem with Asterisk. The router rewrites all external
    connections with its own IP so even a SSH connection will seem to be
    coming from the router (the ‘w’ command will say you are connected from
    the router and not from the IP address of your Internet connection).

  • OMG thats the worst kind of doing everything wrong as possible i ever
    heard of. I wonder if this router works in ANY way.

    You can try to turn of these ALG features which the router have build in
    and also these SPI (statefull packet inspection).

    best regards

    stefan

  • Am 14.10.2010 20:29, schrieb Tim Nelson:
    yes thats the definition of NAT, but in that case the router should not
    touch the IP headers or atleast SIP headers.
    and it looks like the router also touches TCP header cause your the
    source IP of an TCP connection would never be the gateway ip in a
    typical NAT setup.
    Sorry if this is shocking for you, but i have seen really a big amount
    of different routers doing different thing very wrong but changing
    source IPs of TCP connections is really worst.
    No Nat is only Translation but ALG makes it allways wrong 😉

  • Am 14.10.2010 21:06, schrieb Tim Nelson:

    to the outside yes but not inside.

    for example thats how a typical nat table looks like. (its from a zyxel
    adsl router with nat)

    ========================Nat session table==============================
    Slot Prot Int-IP :Port Out-IP :Port Ext-IP :Port Idle
    =======================================================================
    45 TCP 192.168.0.1 :6023 xxx :6023 zzz :44450 0
    121 UDP 192.168.0.129 :5061 xxx :10619 sip1:5060 4
    135 UDP 192.168.0.129 :5060 xxx :10618 sip2:5060 3

    ========================Summary information=============================

    192.168.0.129 is a sip phone with 2 accounts registered to sip1 and sip2.

    if i take a look at sip1 i will see the package from ip xxx port 10619.
    Ofcourse its behind nat but i will see in the contact header
    192.168.0.129 port 5061. With sip ALG active also the contact header
    would be changed to xxx port 10619.
    Other way if i look on the phone i see the answer from sip1 directly as
    a message from sip1 port 5060 and not from xxx port 10619 or 192.168.0.1.

    several things wont work if you dont get the original source ip through
    a nat router.

    thats how i have learned it and see it everyday in practice.

    best regards

    stefan

  • This router is completely broken, it will never function since the
    router has no way to relate the RTP stream from * to external to the
    correct external host unless it has a really good SIP helper (one that
    actually works instead of just breaking more stuff 🙂

    But I guess you should have atleast 1 audio leg working if you call an
    internal phone (with canreinvite=no). That isn’t the case?

    This has to be a configuration error, you’ll have to get in touch with
    the admin to setup NAT routing without rewriting the external
    adress/port.