[Asterisk-Dev] SIP/RTP and * behind a firewall
Brad Waite
brad at wcubed.net
Mon Sep 22 09:05:51 MST 2003
I've been going back and forth on -users regarding everyone's experience with
SIP and firewalls. In my case, I was trying to make it work with * behind the
firewall, and clients both inside and outside.
While NAT rules can be set up to get the SIP packets where they need to go, the
problem is with the IPs contained in the SIP INVITEs. Specifically, my * box
sends to my external client, "Hey, talk to me at 10.0.0.1, port 10000." My
client tries to, but obviously can't get to the private address space.
(Actually, to be honest, I was able to get it to work by setting up a static
route for the 10 network, but my external client had to be on the same subnet as
the firewall.)
XLite works with NAT (XLite on the inside, * on the outside) by asking us in a
config variable what the external address of our firewall is, and then puts that
address in the SIP requests. Why can't we add a line to *'s sip.conf and have
chan_sip.c do the same thing?
Or is having * behind a firewall a rare thing?
-Brad
More information about the asterisk-dev
mailing list