[Asterisk-Users] Firewall traversal (was: Maximum retries exceeded w/SIP)
Brad Waite
brad at wcubed.net
Sat Sep 20 22:29:22 MST 2003
Stephen Varga wrote:
> RTP requires two one way UDP streams.
>
> phone ---------> asterisk
> phone <--------- asterisk
>
> The RTP stream can be routed from the * box to the phone, but not the
> other way (unless you did what you stated below). So essentially you
> have a one-way conversation.

Hrm. XLite, upon request, modifies the setup information to reflect an external
IP for firewalled clients. I wonder if we could have * do the same. I'm
assuming it would violate the RFC, but if one could set the IP embedded in the
SDP packet to the firewall's external address via a configuration variable,
wouldn't this solve the problem?

> I am guessing you want to have a phone somewhere else on the Internet so
> this solution does not meet your requirements.

Agreed - unless everyone's on the same subnet.

> I don't know the answer to that one. I am new to the *, and have already
> started down the path that you are going and wanted to help so you don't
> have to repeat all troubles I had.

Much obliged.

> It sounds like you have more than one real IP address to work with, if that
> is the case there may be a way to make it work in your setup. Let me
> know.

I'll keep you posted. Right now, I'm leaning towards putting * outside the
firewall. A less desirable option is to dual-home * since that defeats the
security profile. I can't move * to the firewall as Stephen suggested since my
firewall is FBSD. Besides, this is only for pre-PRI testing purposes.

Brad
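
The idea raised in the message above, setting the address embedded in the SDP to the firewall's external address from a configuration value, as an added example (not code from this thread or from Asterisk). The function name, its parameters and all addresses are assumptions; the firewall must still forward the RTP UDP ports to the internal host for media to arrive.

```python
import ipaddress

# Constructed sample offer; all addresses are illustrative.
SAMPLE_SDP = "\r\n".join([
    "v=0",
    "o=root 1234 1234 IN IP4 192.168.1.10",
    "s=call",
    "c=IN IP4 192.168.1.10",
    "t=0 0",
    "m=audio 10000 RTP/AVP 0",
    "a=rtpmap:0 PCMU/8000",
]) + "\r\n"


def rewrite_sdp(sdp, external_ip, local_nets, peer_ip):
    """Replace internal IPv4 addresses in o=/c= lines with external_ip.

    Nothing changes when peer_ip is inside local_nets: a phone behind the
    same firewall must keep sending RTP to the internal address.
    """
    nets = [ipaddress.ip_network(n) for n in local_nets]
    ipaddress.ip_address(external_ip)  # reject a malformed configured value
    if any(ipaddress.ip_address(peer_ip) in n for n in nets):
        return sdp

    def is_internal(addr):
        try:
            return any(ipaddress.ip_address(addr) in n for n in nets)
        except ValueError:
            return False  # hostname or multicast "addr/ttl": leave untouched

    out = []
    for line in sdp.split("\r\n"):
        f = line.split(" ")
        # c=<nettype> <addrtype> <connection-address>
        if line.startswith("c=") and len(f) == 3 and f[1] == "IP4" and is_internal(f[2]):
            f[2] = external_ip
        # o=<user> <sess-id> <sess-version> <nettype> <addrtype> <address>
        elif line.startswith("o=") and len(f) == 6 and f[4] == "IP4" and is_internal(f[5]):
            f[5] = external_ip
        out.append(" ".join(f))
    return "\r\n".join(out)


if __name__ == "__main__":
    print(rewrite_sdp(SAMPLE_SDP, "203.0.113.5", ["192.168.1.0/24"], "198.51.100.20"))
```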