[asterisk-users] Understanding NAT Traversal
Brian Candler
B.Candler at pobox.com
Wed Oct 11 12:22:27 MST 2006
On Wed, Oct 11, 2006 at 09:21:38AM -0800, Mojo with Horan & Company, LLC wrote:
> Conceivably, if only one SIP UA were in use behind a NAT router, then
> when it constructed a call and needed to receive RTP streams, it would
> configure port mappings in the router via the UPnP protocol, so external
> port 10xxx is forwarded to the internal IP of the SIP UA. It could
> remove this port mapping when the call was deconstructed.
I don't know much about UPnP, but has anyone considered using a SOCKS 5
proxy? This is a clean way in which the UA can remotely open sockets on the
firewall itself. I've not seen any SIP terminals yet which support it.
> The problem of course happens when two SIP UAs need to work behind a NAT
> router, because, as Cullin mentioned, "It is very difficult to track
> a a many-to-one NAT (technically port address translation (PAT)) when
> you can't change the source or destination ports. "
Yep, but IIUC the 'rport' extension (RFC 3581) means in practice you don't
actually have to use 5060 as your source port.
Regards,
Brian.
More information about the asterisk-users
mailing list