NAT and dynamic IP

[james]

I just implemented this at home and Thought I would share it. I have a dynamic IP so nat can be a pain in the but. There are other solutions this is how I roll

The Script! "sipupdate" is modified from the asterisk contrib dir for my bidding:

#!/bin/sh

# sip_nat_settings: generate NAT settings for sip.conf of an Asterisk system
#                   that is behind a NAT router.
#
# This is a script to generate sane defaults for externip and localnet
# of sip.conf. The output should be included in the [general] section of
# sip.conf .
#
# Multiple network interfaces: If you have multiple network interfaces,
# this script will generate a 'localnet' line for each of them that has a
# broadcast (ipv4) address, except the loopback interface (lo). You can
# later rem-out all of those you don't need.
#
# Alternatively, provide a network interface as a parameter an a localnet
# line will only be generated for its network.
#
# Copyright (C) 2005 by Tzafrir Cohen <[email protected]>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

WGET=`which wget`
if [ -x ${WGET} ]; then
        externip=`${WGET} -q -O- http://www.whatismyip.org`
elif [ -x ${FETCH} ]; then
        externip=`${FETCH} -q -o - http://www.whatismyip.org`
else
        echo "no binary found to contact http://www.whatismyip.org"
        exit 1
fi

# optional parameter: network interface to use. By default: none.
IFACE="$1"
;;
esac
OS=`uname -s`
case "$OS" in
Linux)
#  echo "externip = $externip"
#  /sbin/ifconfig $IFACE | grep 'inet addr:' | grep Bcast \
#  | sed -e 's/^.*Bcast:\([0-9.]*\)\s*Mask:\([0-9.]*\)\s*$/localnet = \1\/\2/'

localnet=$(/sbin/ifconfig $IFACE | grep 'inet addr:' | grep Bcast \
  | sed -e 's/^.*Bcast:\([0-9.]*\)\s*Mask:\([0-9.]*\)\s*$/\1\/\2/')
echo "$localnet $externip"

  ;;
OpenBSD|FreeBSD)
  if [ "${OS}" = "FreeBSD" ]; then
          VER=`uname -r | cut -d . -f 1`
          if [ ${VER} -lt 7 ]; then
                  echo "Unsupported OS"
                  exit 1
          fi
  fi
  ip=`/sbin/ifconfig $IFACE | awk '/\tinet .* broadcast/{print $6}'`
  x=`/sbin/ifconfig $IFACE | awk '/\tinet .* broadcast/{print $4}'`
if [ -x ${WGET} ]; then
        externip=`${WGET} -q -O- http://www.whatismyip.org`
elif [ -x ${FETCH} ]; then
        externip=`${FETCH} -q -o - http://www.whatismyip.org`
else
        echo "no binary found to contact http://www.whatismyip.org"
        exit 1
fi

# optional parameter: network interface to use. By default: none.
IFACE="$1"

OS=`uname -s`
case "$OS" in
Linux)
#  echo "externip = $externip"
#  /sbin/ifconfig $IFACE | grep 'inet addr:' | grep Bcast \
#  | sed -e 's/^.*Bcast:\([0-9.]*\)\s*Mask:\([0-9.]*\)\s*$/localnet = \1\/\2/'

localnet=$(/sbin/ifconfig $IFACE | grep 'inet addr:' | grep Bcast \
  | sed -e 's/^.*Bcast:\([0-9.]*\)\s*Mask:\([0-9.]*\)\s*$/\1\/\2/')
echo "$localnet $externip"

  ;;
OpenBSD|FreeBSD)
  if [ "${OS}" = "FreeBSD" ]; then
          VER=`uname -r | cut -d . -f 1`
          if [ ${VER} -lt 7 ]; then
                  echo "Unsupported OS"
                  exit 1
          fi
  fi
  ip=`/sbin/ifconfig $IFACE | awk '/\tinet .* broadcast/{print $6}'`
  x=`/sbin/ifconfig $IFACE | awk '/\tinet .* broadcast/{print $4}'`
  printf 'localnet = %s/%u.%u.%u.%u\n' $ip $(($x>>24&0xff)) $(($x>>16&0xff)) $(($x>>8&0xff)) $(($x&0xff))
  ;;
*)
  echo >&2 "$0: Unsupported OS $OS"
  exit 1
  ;;
esac

LastIP=$(cat /tmp/lastIP)
if [ "$LastIP" != "$externip" ]; then

echo "externip = $externip" > /etc/asterisk/sip_extip.conf
echo "localnet = $localnet" >> /etc/asterisk/sip_extip.conf
asterisk -rx "sip reload"
echo $externip > /tmp/lastIP
fi

The crontab via crontab -e:

59 * * * * /root/sipupdate

At the appropriate location in sip.conf

#include sip_extip.conf

sip_extip.conf only has localnet and extip it is up to you for all other nat settings..


Hope someone finds this useful...

 

[kcallis]

I keep getting this error:

./sipupdate: line 120: syntax error: unexpected end of file

 

[Bitnetix]

kcallis, a few questions.

When you run this script, what user are you running it as?

Can you post or PM me with the output from the following commands:
env
set

What OS are you running?

Thanks.

I keep getting this error:

./sipupdate: line 120: syntax error: unexpected end of file

 

[Rrrr]

Similarly, I installed the script referred in this article: http://knol.google.com/k/ward-mundy/pbx-in-a-flash/3uqc77rg9tgar/2?hl=en#

But I cannot get it to work, it appears not to run at all.
My dynamic IP address changed, but the sip_nat.conf and sip_custom.conf did not.

Here's what I did:
1. changed localnet in the script to 192.168.10.0 (my localnet)
2. sip_custom.conf contains
externip=94.159.144.238
localnet=192.168.10.0/255.255.255.0
localnet=192.168.20.0/255.255.255.0
localnet=192.168.252.0/255.255.255.0
useragent=PiaF
3. sip_nat.conf contains:
externip=94.159.144.238
localnet=192.168.20.0/255.255.255.0
nat=yes
4. I executed the commands mentioned: chmod and chown and I added the entry into /etc/crontab

I would appreciate a pointer as to why it does not work:
? do I need to replace myip.pbxinaflash.com in the script with myip1234.dyndns.com (which is updated by my router)?
? can I run ip.sh myself. As root, I cannot run it (permission denied)

In addition, in Webmin/System/Scheduled Cron Jobs the crontab does not appear. Where can I find it

 

[Boolah]

You only need to modify sip_custom.conf (not sip.conf)

If you have a dynamic IP, you should not set the externip parameter; you need to use the externhost parameter.

BTW - are you referring to the ip.sh script in the knol?

 

[Rrrr]

Yes I was referring to the ip.sh

Right, externip was from a previous manual I read, but I thought it wont hurt as the script (when it runs) seems to replace the file and rebuild the entries anyways. Am I right?

Can you explain abt the externhost parameter or send me a link?

 

[Boolah]

You only use externip when you have a static IP. If you have a dynamic IP, you need to set the following parameters:

externhost=<FQDN> (something like rrrr.dyndns.org)
externrefresh=300 (not required, but will specify how many seconds to check to see if you IP has changed)

 

[Rrrr]

OK just a few things

1) to make sure I get the syntax right (sorry for being such a noob)
externhost=rrrr.dyndns.org without the < and >, right?

2) how does your solution with externhost relate to the script ip.sh?

3) how to correct sip_nat.conf? I guess I followed instructions somewhere to add also here the externip. SHould I remove it?

 

[jroper]

Hi

It may help to explain some background here.

Presumably your PBX is on a private IP address range on the inside of a NAT device. Lets say you have put it on 192.168.1.200.

When a SIP device, including Asterisk registers to an external server, or a phone outside of the network registers to asterisk - asterisk has to report the IP address of where it can be found in the SIP negotiation.

If it tells the other end that it is to be found on 192.168.1.200, the other end is not going to find it, because the other end is not on the same private network.

This is characterised by the other end can hear you, but you cannot hear them, because the media stream is being sent to 192.168.1.200, which of course the other end cannot access, so effectively all that data is sent into Pixel-land, never to be seen or heard from again.

So we need to tell Asterisk two things.

1. What it's range of local IP addresses are:-
localnet = 192.168.1.0/255.255.255.0

2. What it's external IP address is.
externip=1.2.3.4

However, this all goes tits up should the external IP address change, and thus one way audio returns.

So if we are not blessed with a fixed IP address, we can set up some dynamic DNS, say rrrr.dynns.com. In this case we can put:
externhost=rrr.dyndns.com

However, the externhost setting has been found to be a bit unreliable, so James, and others have written scripts that find out the external IP address, and update the externip setting regularly.

I hope that this clarifies the reasoning behind these settings.

Joe

 

[Rrrr]

thanks a lot for this.

I have modified sip_nat.conf to contain:
externhost=rrr.dyndns.com
localnet=192.168.20.0/255.255.255.0
nat=yes

and sip_custom.conf:
externhost=rrr.dyndns.com
externrefresh=300
localnet=192.168.10.0/255.255.255.0
localnet=192.168.20.0/255.255.255.0
localnet=192.168.252.0/255.255.255.0
useragent=PiaF

I feel I am drowning in 2 different approaches.

1. After I change the scripts, do I need to reboot PiaF?
(Solved: I found the answer http://nerdvittles.com/index.php?p=214: Once you've made your entries, save the file: Ctrl-X, Y, then Enter. Reload Asterisk: amportal restart. If you assigned a permanent IP address, reboot your server: shutdown -r now)

2. You say I need only to correct sip_custom.conf, but in this guide PBX in a Flash® without Tears, Mark talks about changing sip_nat.conf. Please provide me with clarity on this so I dont mix up the system. What should be in sip_nat.conf?

3. Back to the solution with IP.SH
I now see that there are two DIFFERENT ip.sh scripts
here: http://knol.google.com/k/ward-mundy/pbx-in-a-flash/3uqc77rg9tgar/2#
and here: http://nerdvittles.com/index.php?p=214
I implemented the first, but I do not see if the script actually runs every 5 minutes. How do I know the ip.sh script actually runs correctly?

4. Can you inform me in general about how to monitor calls, ports, current IP address, streams in a live monitor? I find the panel not enough for problem resolution)

thanks for your patience

 

[Boolah]

If you're using externhost, you do not need to run the ip.sh script at all, as long as you have another mechanism (like your router) to update your hostname (rrrr.dyndns.org) when your IP changes.

You shouldn't need to modify your sip_nat.conf file at all (mine is completely empty). It's only sip_custom.conf that you should be messing with.

You don't need to restart your computer after you make the changes, but you do need to restart SIP. So, from the Linux command prompt, enter:

asterisk -rx "sip reload"

 

[Rrrr]

Great, Boolah thank you.

I was re-editing my entry, but you have already answered 1,2.
I cannot test right now, but will try it asap.
I would really appreciate you expertise on Q3 and Q4.

 

[Boolah]

Your question #3 regarding ip.sh become irrelevant if you're using another mechanism to update your dynamic hostname when your IP changes. If you're using another method to update your hostname, you do not run ip.sh at all. On the other hand, if you want to use ip.sh to update your IP, then you do not use the externhost settings (or any settings at all) in your sip_custom.conf file (since this file will be completely overwritten by ip.sh).

Your question #4 is a little all-encompasing. For monitoring streams and calls in general, you might find ASTassistant useful. If you're looking to see which [network] ports are actively being used on your box, take a look at the netstat command in Linux (man netstat). As for your WAN IP address, you can use the command taken directly from ip.sh to determine what your current WAN IP address is:

curl -s -S --user-agent "Mozilla/4.0" http://myip.pbxinaflash.com | awk 'NR==2'

 

[Rrrr]

Boolah, thank you

 

[james]

The original post was missing an ;; and an esac from the cut n paste and has been corrected in the original post..