[Asterisk-Dev] SIP/RTP and * behind a firewall

Wade J. Weppler weppler at wwworks-inc.com
Mon Sep 22 13:21:06 MST 2003


Generally, the SIP client can be behind NAT (add nat=yes in your
sip.conf context), but the server needs to have a public IP (firewall or
not).  IAX/IAX2 can have the server and/or client behind NAT.

-wade

> I've been going back and forth on -users regarding everyone's
experience
> with
> SIP and firewalls.  In my case, I was trying to make it work with *
behind
> the
> firewall, and clients both inside and outside.
> 
> While NAT rules can be set up to get the SIP packets where they need
to
> go, the
> problem is with the IPs contained in the SIP INVITEs.  Specifically,
my *
> box
> sends to my external client, "Hey, talk to me at 10.0.0.1, port
10000."
> My
> client tries to, but obviously can't get to the private address space.
> 
> (Actually, to be honest, I was able to get it to work by setting up a
> static
> route for the 10 network, but my external client had to be on the same
> subnet as
> the firewall.)
> 
> XLite works with NAT (XLite on the inside, * on the outside) by asking
us
> in a
> config variable what the external address of our firewall is, and then
> puts that
> address in the SIP requests.  Why can't we add a line to *'s sip.conf
and
> have
> chan_sip.c do the same thing?
> 
> Or is having * behind a firewall a rare thing?
> 
> -Brad



More information about the asterisk-dev mailing list