Issues with Server with Public IP

I just installed the latest version of the Distro and upgraded all of the modules. The server has a public IP and is not NATed. The phones that are connecting are NATed and are not working properly. When I do sip show peers it is showing their internal IP and not the public IP as it should be showing.

Under Asterisk SIP Settings
NAT - Yes
IP Configuration - Public IP
(I have tried multiple variations with the same result)

Can someone please point me in the right direction?

This is a problem at the remote end with the firewall and/or router configuration.

Make sure all ALG/SIP transform functionality is disabled in the router.

You also should not have the FreePBX distro connected to the Internet without a firewall (software or hardware).

I have IPTables with Fail2Ban running for now and plan on implementing a hardware firewall later. I have multiple sites doing the same thing with different routers. If I have them connect to a trixbox 2.6 or elastix box I do not have the problem. I am pretty certain it is a problem with the configuration on the FreePBX distro. I am not sure how to proceed with troubleshooting.

Are there any other NICs in the box?

Please post output of ‘sip show settings’ with the [code]tags[/code] so it’s easy to read.

 sip show settings


Global Settings:
----------------
  UDP Bindaddress:        0.0.0.0:5060
  TCP SIP Bindaddress:    Disabled
  TLS SIP Bindaddress:    Disabled
  Videosupport:           No
  Textsupport:            No
  Ignore SDP sess. ver.:  No
  AutoCreate Peer:        No
  Match Auth Username:    No
  Allow unknown access:   Yes
  Allow subscriptions:    Yes
  Allow overlap dialing:  Yes
  Allow promisc. redir:   No
  Enable call counters:   No
  SIP domain support:     No
  Realm. auth:            No
  Our auth realm          asterisk
  Use domains as realms:  No
  Call to non-local dom.: Yes
  URI user is phone no:   No
  Always auth rejects:    Yes
  Direct RTP setup:       No
  User Agent:             FPBX-2.9.0(1.8.7.1)
  SDP Session Name:       Asterisk PBX 1.8.7.1
  SDP Owner Name:         root
  Reg. context:           (not set)
  Regexten on Qualify:    No
  Legacy userfield parse: No
  Caller ID:              Unknown
  From: Domain:
  Record SIP history:     Off
  Call Events:            Off
  Auth. Failure Events:   Off
  T.38 support:           No
  T.38 EC mode:           Unknown
  T.38 MaxDtgrm:          -1
  SIP realtime:           Disabled
  Qualify Freq :          60000 ms
  Q.850 Reason header:    No
  Store SIP_CAUSE:        No

Network QoS Settings:
---------------------------
  IP ToS SIP:             CS3
  IP ToS RTP audio:       EF
  IP ToS RTP video:       AF41
  IP ToS RTP text:        CS0
  802.1p CoS SIP:         4
  802.1p CoS RTP audio:   5
  802.1p CoS RTP video:   6
  802.1p CoS RTP text:    5
  Jitterbuffer enabled:   No

Network Settings:
---------------------------
  SIP address remapping:  Disabled, no localnet list
  Externhost:             <none>
  Externaddr:             PUBLICIP:0
  Externrefresh:          10

Global Signalling Settings:
---------------------------
  Codecs:                 0x10e (gsm|ulaw|alaw|g729)
  Codec Order:            g729:20,ulaw:20,alaw:20,gsm:20
  Relax DTMF:             No
  RFC2833 Compensation:   No
  Symmetric RTP:          Yes
  Compact SIP headers:    No
  RTP Keepalive:          0 (Disabled)
  RTP Timeout:            30
  RTP Hold Timeout:       300
  MWI NOTIFY mime type:   application/simple-message-summary
  DNS SRV lookup:         No
  Pedantic SIP support:   Yes
  Reg. min duration       60 secs
  Reg. max duration:      3600 secs
  Reg. default duration:  120 secs
  Outbound reg. timeout:  20 secs
  Outbound reg. attempts: 0
  Notify ringing state:   Yes
    Include CID:          No
  Notify hold state:      Yes
  SIP Transfer mode:      open
  Max Call Bitrate:       384 kbps
  Auto-Framing:           No
  Outb. proxy:            <not set>
  Session Timers:         Accept
  Session Refresher:      uas
  Session Expires:        1800 secs
  Session Min-SE:         90 secs
  Timer T1:               500
  Timer T1 minimum:       100
  Timer B:                32000
  No premature media:     Yes
  Max forwards:           70

Default Settings:
-----------------
  Allowed transports:     UDP
  Outbound transport:     UDP
  Context:                from-sip-external
  Force rport:            Yes
  DTMF:                   rfc2833
  Qualify:                0
  Use ClientCode:         No
  Progress inband:        Never
  Language:
  MOH Interpret:          default
  MOH Suggest:
  Voice Mail Extension:   *97

You did not answer the question about how many NICs are in the system.

Thanks for formatting the output, it is easy to read.

You don’t have a localnet setting, so Asterisk is not rewriting the packet.

It has two NICs, but only one is being used and it has the public IP; there is no private/NATed IP on the system.

I just built my first PBX using the distro and I have the exact same problem. Just like you, my server is on a public IP and my phone is in a remote location using a NATed IP. I can connect this remote phone to a different server running FreePBX 2.7 just fine, but when I connect the same remote phone to my newly built Distro it registers at its private IP rather than its public IP.

I’m wondering if you found a solution to this problem.

Under the extension, what do you have NAT set to? It needs to be set to yes for any phone that is NATed.

I should have thought to look there, but on my other servers this is not a setting I have ever had to change. Maybe it defaults to yes on the older versions of FreePBX. Since all of my extensions will be NATed, do you know if there is a place in the distro where I can set NAT=yes as a default setting for new extensions?

Changing the setting on the extension setup page solved the problem.

Thank you

I just found the answer to my question above. The default NAT setting is under Settings/Advanced Settings/Device settings.

Thanks again for the help.

Yes, that is where you can set the default. Yes, prior to FreePBX 2.9 the default was set to yes, but due to security concerns we changed it.
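
An added example, not part of any post in this thread: a small Python parser for `sip show settings` output that pulls out the NAT-related global values examined above (localnet remapping, Externaddr, Force rport, Symmetric RTP). The function names are hypothetical and the sample is an excerpt constructed from the output posted in the thread.

```python
import re

# Constructed sample: excerpt of the `sip show settings` output posted above.
SAMPLE = """\
Network Settings:
---------------------------
  SIP address remapping:  Disabled, no localnet list
  Externhost:             <none>
  Externaddr:             PUBLICIP:0

Global Signalling Settings:
---------------------------
  Symmetric RTP:          Yes

Default Settings:
-----------------
  Force rport:            Yes
  Language:
"""

# "  Key:   value", "  Key   value" (no colon) or "  Key:" (empty value).
LINE = re.compile(r"\s+(.*?):?(?:\s{2,}(.*))?$")

def parse_settings(text):
    """Return {section: {key: value}}; unindented lines start a section."""
    sections, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or set(stripped) == {"-"}:
            continue                      # blank line or dashed underline
        if not line[0].isspace():
            current = sections.setdefault(stripped.rstrip(":"), {})
            continue
        m = LINE.match(line)
        if m and current is not None:
            current[m.group(1).strip()] = (m.group(2) or "").strip()
    return sections

def nat_summary(sections):
    """Global NAT-related values only; per-extension NAT is not in this output."""
    net = sections.get("Network Settings", {})
    yes = lambda sec, key: sections.get(sec, {}).get(key, "").lower() == "yes"
    return {
        "localnet_defined": not net.get("SIP address remapping", "Disabled").startswith("Disabled"),
        "externaddr": net.get("Externaddr", ""),
        "force_rport": yes("Default Settings", "Force rport"),
        "symmetric_rtp": yes("Global Signalling Settings", "Symmetric RTP"),
    }

if __name__ == "__main__":
    print(nat_summary(parse_settings(SAMPLE)))
```

A result with `force_rport` and `symmetric_rtp` both true while a phone still registers with its private address is the situation in this thread, where the fix was the NAT setting on the extension itself.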