bosconian wrote:I have an Asterisk server but it isn't exposed to the wild (as in it doesn't have Internet access) and we only use it on our local network so I haven't experienced NAT problems (i.e. one way audio) yet, but I want to make it available to the outside world. You think that if I just open 5060 and 10000-20000 UDP there won't be any problem? Also, isn't there any security risks on opening so many ports on my firewall?
By default you shouldn't have to open any ports. As steve points out above, Asterisk has settings to help with NAT...
If your Asterisk PBX is behind a NAT firewall, i.e. the PBX has an IP such as 192.168.1.1 then you will need to perform additional configuration to allow Asterisk to route the SIP and RTP correctly.
The NAT configuration can be found in the file /etc/asterisk/sip.conf, the relevant section that needs to be edited is reproduced below:
The example below assumes that your Asterisk PBX has an IP address of 192.168.1.X
externip=XX.XXX.XX.XX (This needs to be your PUBLIC WAN IP address, which can be found out either from your routers administration web page, or by visiting www.whatismyip.com
Once the file has been edited, you will need to restart Asterisk, consult your distribution documentation on how to perform this, for example:
service restart asterisk
sudo /etc/init.d/asterisk restart