[Asterisk-Users] Suggestion re: SIP/NAT/*

Karl Brose khb at brose.com
Fri Oct 29 09:49:11 MST 2004


NONSENSE

Benjamin on Asterisk Mailing Lists wrote:

>On Thu, 28 Oct 2004 14:45:46 -0600, Ryan Courtnage <ryan-lists at voxbox.ca> wrote:
>  
>
>>Yep, you can do this, just requires some port forwarding and special
>>considerations in sip.conf.
>>    
>>
>
>You are missing the point. There is no *solution* to SIP NAT
>traversal. All there is are *workarounds*, otherwise known as bad and
>rather dangerous hacks. Whether it works or not is highly dependent on
>external factors that you don't usually control. It also depends on
>the type of NAT/PAT your router is using, ie the router's particular
>NAT/PAT implementation.
>
>The fact remains that SIP NAT traversal setups are highly insecure and
>unreliable. Consider this to be the equivalent of locking your
>apartment with duct tape. It may work for you, but you wouldn't
>recommend it to anyone else UNLESS you wish them harm.
>
>Now, this is valid for single NAT situations and it is even more valid
>for double NAT situations.
>
>If you want to do this properly without duct tape, then you will have
>the three choices I mentioned:
>
>- If you must use SIP, don't use NAT
>- If you must use NAT, use IAX
>- If you must use both SIP and NAT, build a tunnel
>
>Anything else is improper and unprofessional.
>
>rgds
>benjk
>  
>



More information about the asterisk-users mailing list