I'm just spit balling (since it has been a good number of years since I've used asterix), but why not have two asterix boxes (one your side, one client side) connected via aix (you'll have to setup the fw rules to make the aix go to the asterix box (on both sides) and just route your call through your nearest box? Afaik this capability has been around for a long time, but I've never used aix with nat.
Geoff
Sent from my BlackBerry wireless handheld.
-----Original Message----- From: Feizhou feizhou@graffiti.net
Date: Thu, 13 Sep 2007 06:47:19 To:CentOS mailing list centos@centos.org Subject: Re: [CentOS] ASTERISK BOX behind a filewall
asterisk <-> nat <-> nat <-> sip client = big pain in the neck.
I have never managed to get this to work. Getting the below was trouble enough. Forget about trying to get an asterisk box behind a nat to work with clients outside.
asterisk <-> nat <-> sip client.
Yes, you will need a specific SIP iptables filter for this to work from behind a firewall.
Getting it to work with a firewall is not a problem...it is getting the thing to work with a natting firewall that is the problem. If one end is natted, you can still do some tricks to get it to work but if both ends are natted, forget it.
I know of an H.323 filter, but haven't explored SIP as we aren't running any SIP application here yet.
Another possibility would be a SIP proxy installed on the firewall, but it is not as secure as a filter.
asterisk IS a sip proxy. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos