[Asterisk-Dev] SIP/RTP and * behind a firewall
Wade J. Weppler
weppler at wwworks-inc.com
Mon Sep 22 13:21:06 MST 2003
Generally, the SIP client can be behind NAT (add nat=yes in your
sip.conf context), but the server needs to have a public IP (firewall or
not). IAX/IAX2 can have the server and/or client behind NAT.
-wade
> I've been going back and forth on -users regarding everyone's
experience
> with
> SIP and firewalls. In my case, I was trying to make it work with *
behind
> the
> firewall, and clients both inside and outside.
>
> While NAT rules can be set up to get the SIP packets where they need
to
> go, the
> problem is with the IPs contained in the SIP INVITEs. Specifically,
my *
> box
> sends to my external client, "Hey, talk to me at 10.0.0.1, port
10000."
> My
> client tries to, but obviously can't get to the private address space.
>
> (Actually, to be honest, I was able to get it to work by setting up a
> static
> route for the 10 network, but my external client had to be on the same
> subnet as
> the firewall.)
>
> XLite works with NAT (XLite on the inside, * on the outside) by asking
us
> in a
> config variable what the external address of our firewall is, and then
> puts that
> address in the SIP requests. Why can't we add a line to *'s sip.conf
and
> have
> chan_sip.c do the same thing?
>
> Or is having * behind a firewall a rare thing?
>
> -Brad
More information about the asterisk-dev
mailing list