[Asterisk-Users] Suggestion re: SIP/NAT/*
Benjamin on Asterisk Mailing Lists
benjk.on.asterisk.ml at gmail.com
Fri Oct 29 08:29:14 MST 2004
On Thu, 28 Oct 2004 14:45:46 -0600, Ryan Courtnage <ryan-lists at voxbox.ca> wrote:
> Yep, you can do this, just requires some port forwarding and special
> considerations in sip.conf.
You are missing the point. There is no *solution* to SIP NAT
traversal. All there is are *workarounds*, otherwise known as bad and
rather dangerous hacks. Whether it works or not is highly dependent on
external factors that you don't usually control. It also depends on
the type of NAT/PAT your router is using, ie the router's particular
NAT/PAT implementation.
The fact remains that SIP NAT traversal setups are highly insecure and
unreliable. Consider this to be the equivalent of locking your
apartment with duct tape. It may work for you, but you wouldn't
recommend it to anyone else UNLESS you wish them harm.
Now, this is valid for single NAT situations and it is even more valid
for double NAT situations.
If you want to do this properly without duct tape, then you will have
the three choices I mentioned:
- If you must use SIP, don't use NAT
- If you must use NAT, use IAX
- If you must use both SIP and NAT, build a tunnel
Anything else is improper and unprofessional.
rgds
benjk
--
Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya,
Tokyo, Japan.
NB: Spam filters in place. Messages unrelated to the * mailing lists
may get trashed.
More information about the asterisk-users
mailing list