[Asterisk-Users] Suggestion re: SIP/NAT/*

[Wilson Pickett]

> All there is are *workarounds*, otherwise known as bad and
> rather dangerous hacks. Whether it works or not is highly dependent on
> external factors that you don't usually control. It also depends on
> the type of NAT/PAT your router is using, ie the router's particular
> NAT/PAT implementation.

So be it! From a practical standpoint, if you want to have NAT routers
on both sides and you accept all this scary stuff, port forwarding
will do the job.

On a concrete level, it depends on exactly what you need to protect..
If this is an asterisk box that you are watching daily and it is
otherwise secured (lthings like sendmail not accepting ANY mail from
the outside, minimal accounts and running services, etc) and you
really need to do this, it works beyond the shadow of a doubt - may
have been doing it for many months. On the client side, I'm not sure
what the risk is to say a SIP phone that has 5060 and some rtp ports
forwarded to it. Maybe someone can come in and list the threats to
both ends of a double NAT setup? I'm sure hundreds of us would be very
interested in this!