[Asterisk-Users] SIP with an iptables fiewall
Eric Wieling
eric at fnords.org
Fri Aug 1 05:43:07 MST 2003
The SIP protocol is designed in a way that makes it tough to work with
NAT. The two SIP endpoints dynamically determine the ports to use for
the RTP (voice) data. Port 5060 is only used for control messages.
People have gotten SIP to work via a firewall (or iptables) but it's not
a trivial thing. I avoid this problem by putting an Asterisk server at
each location that has SIP devices and to inter-location communication
via IAX (which does NOT have problems with NAT). Another way to deal
with this is to run a VPN or IP tunnel between the network the SIP
device is on and the network the Asterisk server is on. However, you
can get very poor quality calls with this (since many VPN systems use
TCP rather than UDP).
On Fri, 2003-08-01 at 03:03, Dave Cotton wrote:
> Am I the only person in the * world who can't get a sip connection
> through an iptables firewall?
>
> I've got everything else working fine.
> Xten <-> PSTN, Xten <-> Analog, IAX <-> IAX, but
> exten => 3733,1,Dial(SIP/fred at somewhere.com) ;
> evades me, ngrep @ port 5060 says the INVITES go out but how do I get
> something back?
--
BTEL Consulting
850-484-4535 x2111 (Office)
504-595-3916 x2111 (Experimental)
877-552-0838 (Backup Phone)
More information about the asterisk-users
mailing list