route add with specific interface
 

I have an Asterisk-server with 2 interfaces, a WAN-interface (eth1) and a LAN-interface (eth0).

SETUP :

IAX-provider(internet) --> firewall --> Asterisk-server --> switch --> clients_on_LAN

So everything coming from the IAX-provider on port 4569 is forwarded to the Asterisk-server's WAN-interface (eth1).
This needs then be routed to an internal SIP-phone (an IVR-system will define which one) via eth0.

When a call is initiated from an internal SIP-phone (they register to the IP-address assigned to eth0) it needs to be routed via eth1 to the gateway (192.168.4.250). Asterisk will setup an IAX-channel on WAN-interface (eth1) to the IAX-provider (via gateway).

So... will this work :

(no gateway needed for the LAN-interface, communications to the gateway need to go via the WAN-interface !)

hi,

i'm not too sure about what you've asking - but, from routing theory - you *usually* dont need to use routing on the same subnet - unless you want to communicate with other subnet like your IAX_provider. Hence - on the Asterisk server, it should have a default gateway to 0/0 - which is your IAX_provider included, via eth1.

but, from your provided scenario - are you not in somekind of NAT-T problem? since you use 2 routers? are you in a full routing?

just a thought.

The firewall is m0n0wall, with 3 interfaces like this :

We might change the setup to this :
(m0n0wall has only 2 interfaces)

You are right when you say that both interfaces are on the same subnet.

What I'm trying to accomplish is that m0n0wall is connected directly with the Asterisk-server and with the ethernet-switch.

Also the Asterisk-server is connected with m0nOwall and the switch.

So when a internal SIP-phone wants to make a call it follows this way :

SIP-phone >> ethernet-switch >> Asterisk(LAN) >> Asterisk(WAN) >> m0n0wall >> IAX-provider

When a SIP-phone calls another SIP-phone on the internal LAN :

SIP-phone 1 >> Ethernet-switch >> Asterisk(LAN) >> Asterisk(LAN) >> Ethernet-switch >> SIP-phone 2

What I don't want :

SIP-phone >> Ethernet-switch >> Asterisk(LAN) >> Ethernet-switch >> m0n0wall >> IAX-provider


There is no problem if NAT is implemented on the m0n0wall (then also router) because outgoing calls go with the IAX-protocol, which handles NAT gracefully.

Also : there is no DHCP on the LAN, all IP-addresses are set hard-coded in the clients (pc and phone)

hi,

ok, perhaps i'm reading this as you were afraid that your RTP udp session run off of its track so the phones responding directly to monowall LAN_if instead of asterisk LAN-if, am i correct?

one easy way to find out whether the phones directly answers the RTP using monowall LAN-if line is to sniff it. my guess is - it will use both monowall & asterisk path.

so, in this case an ALG wont work - there are 2 options :
1. put another router between the asterisk/monowall and the phones - make that fancy routing policy.
2. no new router, but put the routing policy on every phone - if possible.

just a thought.

My question is really just about the routing between the 2 interfaces in my Asterisk-server.

Don't think of the rest of the network-setup.

I just want everything coming in on the LAN_if of my Asterisk-server going out via the WAN_if of my Asterisk-server.

And I want everything coming in on the WAN_if of the Asterisk-server, going out via the LAN_if.

The 'default gateway' for the IP-phones is actually the Asterisk LAN_if.

So just the routing between the 2 interfaces of my Asterisk-server, in both directions...
Will this be the correct rule :

(everything going out via eth1 (WAN_if))


(everything for the LAN via eth0 (LAN_if)

Thanks in advance for your reply !