FreePBX 2.2 with Public and private nic

Hi All,

I’m pretty sure this is a nat issue but not sure how it should be configured.

network looks like this.
10.0.0.0 internal
192.168.1.0 remote internal (connected via open vpn)

FreePBX has 2 nics. 1 set to public ip 234.107.x.x
the other set to private ip of 10.0.0.12.

The 234.107.x.x is a t-1 only used for sip.

freepbx has default gw set to 10.0.0.1.

sip provider does not support nat.

when in the 10 network, I can make and receive calls, but outbound audio is completely unintelligible. inbound audio is perfect.

when in the 192 network, can make calls, but no audio (except for ring)

Thanks in advance.

FreePBX 2.2 is beyond ancient. It does not support any NAT configuration.

What version of Asterisk is this beast running on?

Should have been more clear. FreePBX distro2.210.
Asterisk 10.

Is the 192 network in the localnets? What is NAT set to?

192 is not local. it is remote connectied via openvpn pipe. I don’t have NAT configured at all on frepbx.

localnet does not mean what you think. It tells Asterisk to exclude that network from NAT processing. You need a localnet declaration for every network that is reachable without NAT translation from any connected interface on the box.

So if the gateway that processes 192 traffic is 10.0.0.1 (not the freepbx) it should be included in the localnet? So the localnets should then be listed as 10.0.00/24 and 192.168.1.0/24?

So the sever is also dual homed. Do I then put the public network in the local networks section as well?

Put the 192 in there but not the public address. The public address should go in the external address.

It was a basic routing issue. Once I made the public address the default gw all my problems went away. I ad to add a few static routes to the inside interface, but those were quick and easy. In hindsight, the public interface doesn’t really push much traffic at all. Updates is about it. iptables is configured to allow appropriate ip’s in and block everything else. All is right in th eworld now.

The 10.0.0.0 gateway is not a connected network the Asterisk box and B. there are no VoIP devices in it.

Since Asterisk won’t be seeing any SIP traffic from devices on that network it does not have to be excluded from NAT processing.

Does this make sense? I want you to understand what localnet is for, to exclude netblocks from Asterisk NAT processing.

I have the public address and the local nets all plugged in. I’m not exactly sure if it’s necessary, but it does work.

I think folks are often confused about the public address field. It does not mean that an interface on the server has a piblic interface. This is the IP address that is on the public facing NAT interface. Asterisk assumes that NAT has taken care of forwarding the ports, remember that you should not have to put static NAT translations in your router unless you want outside hosts to be able to contact the server first. DNAT implicitely trusts the inbound portion of an outbound requests (this is why web surfing works). You should not have to map ports for a sip trunk to work.

I am oversimplifying of course.