[Asterisk-Dev] SIP/RTP and * behind a firewall

[John Todd]

>I've been going back and forth on -users regarding everyone's 
>experience with SIP and firewalls.  In my case, I was trying to make 
>it work with * behind the firewall, and clients both inside and 
>outside.
>
>While NAT rules can be set up to get the SIP packets where they need 
>to go, the problem is with the IPs contained in the SIP INVITEs. 
>Specifically, my * box sends to my external client, "Hey, talk to me 
>at 10.0.0.1, port 10000."  My client tries to, but obviously can't 
>get to the private address space.
>
>(Actually, to be honest, I was able to get it to work by setting up 
>a static route for the 10 network, but my external client had to be 
>on the same subnet as the firewall.)
>
>XLite works with NAT (XLite on the inside, * on the outside) by 
>asking us in a config variable what the external address of our 
>firewall is, and then puts that address in the SIP requests.  Why 
>can't we add a line to *'s sip.conf and have chan_sip.c do the same 
>thing?
>
>Or is having * behind a firewall a rare thing?
>
>-Brad
>

See the bugtracker  http://bugs.digium.com/bug_view_page.php?bug_id=0000104

This is not negative or snippy comment, but everyone might consider 
reading the bugtracker before posting for a particular feature or 
add-on, as often your comments are right on target and someone else 
has already run into the same problem.  Plus, comments specifically 
about the request or feature often live only in the bugnotes.

As a side note: I'd love to see xten use the same Via: header tricks 
that the Cisco boxes use when it's behind a NAT; that simplifies life 
to the point of non-configuration.

JT