[Asterisk-Users] Suggestion re: SIP/NAT/*

Michael Bielicki cypromis at gmail.com
Fri Oct 29 10:22:10 MST 2004 

Also karl, what are you basing your statement on ?
*g


On Fri, 29 Oct 2004 18:01:50 +0100, Bill Seddon
<bill.seddon at lyquidity.com> wrote:
> Karl
> 
> Are you saying it is nonsense that there difficulties using Asterisk and SIP
> behind a NAT server.  Or are you saying it is nonsense that SIP and NAT are
> dangerous together?
> 
> Bill Seddon
> 
> 
> 
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Karl Brose
> Sent: October 29, 2004 5:49 PM
> To: Benjamin on Asterisk Mailing Lists; Asterisk Users Mailing List -
> Non-Commercial Discussion
> Subject: Re: [Asterisk-Users] Suggestion re: SIP/NAT/*
> 
> NONSENSE
> 
> Benjamin on Asterisk Mailing Lists wrote:
> 
> >On Thu, 28 Oct 2004 14:45:46 -0600, Ryan Courtnage <ryan-lists at voxbox.ca>
> wrote:
> >
> >
> >>Yep, you can do this, just requires some port forwarding and special
> >>considerations in sip.conf.
> >>
> >>
> >
> >You are missing the point. There is no *solution* to SIP NAT
> >traversal. All there is are *workarounds*, otherwise known as bad and
> >rather dangerous hacks. Whether it works or not is highly dependent on
> >external factors that you don't usually control. It also depends on
> >the type of NAT/PAT your router is using, ie the router's particular
> >NAT/PAT implementation.
> >
> >The fact remains that SIP NAT traversal setups are highly insecure and
> >unreliable. Consider this to be the equivalent of locking your
> >apartment with duct tape. It may work for you, but you wouldn't
> >recommend it to anyone else UNLESS you wish them harm.
> >
> >Now, this is valid for single NAT situations and it is even more valid
> >for double NAT situations.
> >
> >If you want to do this properly without duct tape, then you will have
> >the three choices I mentioned:
> >
> >- If you must use SIP, don't use NAT
> >- If you must use NAT, use IAX
> >- If you must use both SIP and NAT, build a tunnel
> >
> >Anything else is improper and unprofessional.
> >
> >rgds
> >benjk
> >
> >
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> 
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> 


-- 
Michael Bielicki

More information about the asterisk-users mailing list