Feizhou wrote:
asterisk <-> nat <-> nat <-> sip client = big pain in the neck.
I have never managed to get this to work. Getting the below was trouble enough. Forget about trying to get an asterisk box behind a nat to work with clients outside.
asterisk <-> nat <-> sip client.
Yes, you will need a specific SIP iptables filter for this to work from behind a firewall.
Getting it to work with a firewall is not a problem...it is getting the thing to work with a natting firewall that is the problem. If one end is natted, you can still do some tricks to get it to work but if both ends are natted, forget it.
Well that was the idea behind the ipfilter stuff. It will change the IPs in the protocol stream to compensate for the NAT.
I face the same problem trying to do H.323 behind a NAT'd firewall.
I know of an H.323 filter, but haven't explored SIP as we aren't running any SIP application here yet.
Another possibility would be a SIP proxy installed on the firewall, but it is not as secure as a filter.
asterisk IS a sip proxy.
Yes, well what I was hinting at was a dumbed-down install of asterisk installed ON the firewall that would be responsible for handing off calls coming in to and out of the network from/to another larger asterisk system.
That is the setup I had to do with GNU gatekeeper and H.323 since at the time I wasn't able to get the ipfilter h.323 filter to work properly with my Polycom system.
-Ross
______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.