François Delawarde wrote:
Thank you for suggestions, below are my comments:
You are welcome.
It's actually the first thing i tried, but as I need to offer service to both WAN and LAN, and the Asterisk SIP cannot bind to multiple IPs. It only offers to bind it to a unique IP or 0.0.0.0 (and from the feedback i got, they don't intend to implement that any time soon). I could probably run multiple instances or implement this myself, but I don't have that much talent and time to do those complicated things. :-)
Um, I'm going to have to disagree with you. I have run Asterisk in the past (in production) where it would bind to multiple IPs. The only caveat that I can think of is that it may only bind to one IP in a subnet, or some other strangeness with this. .... I just logged in to a colleague's system that is running Asterisk for about 4 different subnets on one system. Asterisk is bound to 0.0.0.0 so that it can serve any and all subnets. If you would like help configuring Asterisk bind to multiple subnets let me know (via direct email) and I'll be glad to try to help.
I tried the owner match thing, maybe I did it wrong, but I end up with the same type of problems. When Asterisk needs to send traffic to WAN, it seem to bind to one of the two WAN IPs at random, and I end up with the same NATing problems when it chooses the wrong interface/IP. I also tried to inverse that: MARK all packets that are not Asterisk, put a special rule/table for that traffic and configure "default" (from all) routing table to only one WAN interface. I'm not 100% sure if i did it correctly, but do you think it's worth trying again?
If Asterisk is only listening to one IP and you are routing to get to your other network, you could end up with some really weird issues that will be very difficult to over come, probably MUCH harder than resolving the issue with Asterisk only binding to one interface.
Maybe this could be the type of solution I'm looking for if only i knew a little more about that. Do you know how a process chooses an IP when binding to 0.0.0.0? Is the kernel doing this, and how/when? Maybe I could cheat in that case, and make Asterisk or the kernel or whichever does the binding think that there is only one WAN interface.
As I understand it, when processes let the system choose the proper IP to use, the system will chose the IP that is associate with the closest route to the destination. In short, if the target is on Subnet A, then the IP for Subnet A will be used. If the target is on Subnet B, then the IP for Subnet B will be used.
Also do you think that I could use some help from the netfilter SIP helper? I didn't try but I think it would probably do the same.
I'm not familiar with the SIP connection tracking helper. However, I do believe it would be worth your time to investigate it to see if it will help you. If you do continue to SNAT / MASQUERADE your outbound SIP traffic, there is a good chance that the SIP helper will indeed help. This is of course presuming that the SIP helper is meant to help the SNAT / MASQUERADE module correctly choose the information that gets put in to packets. Think about how the FTP connection tracking helper works when dealing with active / passive data streams and ports.
Grant. . . . _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
