[asterisk-bugs] [Asterisk 0013833]: Add netfilter functionality to asterisk to plumb NAT holes for RTP when running on NATting router

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Nov 4 14:41:35 CST 2008 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=13833 
====================================================================== 
Reported By:                pprindeville
Assigned To:                qwell
====================================================================== 
Project:                    Asterisk
Issue ID:                   13833
Category:                   Channels/chan_sip/NewFeature
Reproducibility:            always
Severity:                   feature
Priority:                   normal
Status:                     closed
Asterisk Version:           1.4.21.2 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
Resolution:                 suspended
Fixed in Version:           
====================================================================== 
Date Submitted:             2008-11-03 21:14 CST
Last Modified:              2008-11-04 14:41 CST
====================================================================== 
Summary:                    Add netfilter functionality to asterisk to plumb NAT
holes for RTP when running on NATting router
Description: 
Where:

* Asterisk is running on an "edge" device which is also the
firewall/router,
* and NAT is being used for SIP endpoints behind the firewall/PBX,
* and SIP transport is being used for trunking/peering on the "outside" as
well, such that INVITES pass "through" the Asterisk platform,

it might be useful to add logic where Asterisk plumbs NAT holes for the
RTP stream, then modifies the SDP information in the SIP INVITE messages to
reflect the external address and port #'s.

====================================================================== 

---------------------------------------------------------------------- 
 (0094562) jtodd (administrator) - 2008-11-04 14:41
 http://bugs.digium.com/view.php?id=13833#c94562 
---------------------------------------------------------------------- 
For more thoughts that had been put forward, here's the outline of what I
had come up with as a straw man.

http://astridevcon.pbwiki.com/Network-Security-Framework

This certainly isn't complete, but some of what you want is discussed in
the content.  Perhaps you (pprindeville) could look at some of the code in
the more liberally-licensed firewall stacks referenced in the
Security-Framework document?  Or, alternately, this could just call an
external routine via an API (license boundary) that adds/removes filters. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-11-04 14:41 jtodd          Note Added: 0094562                          
======================================================================

More information about the asterisk-bugs mailing list