[CentOS] ASTERISK BOX behind a filewall

Wed Sep 12 22:47:19 UTC 2007
Feizhou <feizhou at graffiti.net>

>> asterisk <-> nat <-> nat <-> sip client = big pain in the neck.
>> I have never managed to get this to work. Getting the below 
>> was trouble 
>> enough. Forget about trying to get an asterisk box behind a 
>> nat to work 
>> with clients outside.
>> asterisk <-> nat <-> sip client.
> Yes, you will need a specific SIP iptables filter for this to
> work from behind a firewall.

Getting it to work with a firewall is not a problem...it is getting the 
thing to work with a natting firewall that is the problem. If one end is 
natted, you can still do some tricks to get it to work but if both ends 
are natted, forget it.

> I know of an H.323 filter, but haven't explored SIP as we aren't
> running any SIP application here yet.
> Another possibility would be a SIP proxy installed on the
> firewall, but it is not as secure as a filter.

asterisk IS a sip proxy.