[Asterisk-Users] Suggestion re: SIP/NAT/*

Steve Totaro asterisk at totarotechnologies.com
Fri Oct 29 10:28:38 MST 2004


I would agree that it is not good to suggest or impliment a solution that is 
not a "Best Practice" unless it is a last resort.


----- Original Message ----- 
From: "Bill Seddon" <bill.seddon at lyquidity.com>
To: "'Asterisk Users Mailing List - Non-Commercial Discussion'" 
<asterisk-users at lists.digium.com>
Sent: Friday, October 29, 2004 1:01 PM
Subject: RE: [Asterisk-Users] Suggestion re: SIP/NAT/*


> Karl
>
> Are you saying it is nonsense that there difficulties using Asterisk and 
> SIP
> behind a NAT server.  Or are you saying it is nonsense that SIP and NAT 
> are
> dangerous together?
>
> Bill Seddon
>
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Karl Brose
> Sent: October 29, 2004 5:49 PM
> To: Benjamin on Asterisk Mailing Lists; Asterisk Users Mailing List -
> Non-Commercial Discussion
> Subject: Re: [Asterisk-Users] Suggestion re: SIP/NAT/*
>
> NONSENSE
>
> Benjamin on Asterisk Mailing Lists wrote:
>
>>On Thu, 28 Oct 2004 14:45:46 -0600, Ryan Courtnage <ryan-lists at voxbox.ca>
> wrote:
>>
>>
>>>Yep, you can do this, just requires some port forwarding and special
>>>considerations in sip.conf.
>>>
>>>
>>
>>You are missing the point. There is no *solution* to SIP NAT
>>traversal. All there is are *workarounds*, otherwise known as bad and
>>rather dangerous hacks. Whether it works or not is highly dependent on
>>external factors that you don't usually control. It also depends on
>>the type of NAT/PAT your router is using, ie the router's particular
>>NAT/PAT implementation.
>>
>>The fact remains that SIP NAT traversal setups are highly insecure and
>>unreliable. Consider this to be the equivalent of locking your
>>apartment with duct tape. It may work for you, but you wouldn't
>>recommend it to anyone else UNLESS you wish them harm.
>>
>>Now, this is valid for single NAT situations and it is even more valid
>>for double NAT situations.
>>
>>If you want to do this properly without duct tape, then you will have
>>the three choices I mentioned:
>>
>>- If you must use SIP, don't use NAT
>>- If you must use NAT, use IAX
>>- If you must use both SIP and NAT, build a tunnel
>>
>>Anything else is improper and unprofessional.
>>
>>rgds
>>benjk
>>
>>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
> 




More information about the asterisk-users mailing list