[CentOS] ASTERISK BOX behind a filewall

Wed Sep 12 23:02:21 UTC 2007
gjgowey at tmo.blackberry.net <gjgowey at tmo.blackberry.net>

I'm just spitballing (since it has been a good number of years since I've used Asterisk), but why not have two Asterisk boxes (one your side, one client side) connected via IAX (you'll have to set up the fw rules to make the IAX go to the Asterisk box (on both sides)) and just route your call through your nearest box? AFAIK this capability has been around for a long time, but I've never used IAX with NAT.


From: Feizhou <feizhou at graffiti.net>
Date: Thu, 13 Sep 2007 06:47:19
To: CentOS mailing list <centos at centos.org>
Subject: Re: [CentOS] ASTERISK BOX behind a filewall

>> asterisk <-> nat <-> nat <-> sip client = big pain in the neck.
>> I have never managed to get this to work. Getting the below was trouble
>> enough. Forget about trying to get an asterisk box behind a nat to work
>> with clients outside.
>> asterisk <-> nat <-> sip client.
> Yes, you will need a specific SIP iptables filter for this to
> work from behind a firewall.

Getting it to work with a firewall is not a problem...it is getting the
thing to work with a natting firewall that is the problem. If one end is
natted, you can still do some tricks to get it to work but if both ends
are natted, forget it.

> I know of an H.323 filter, but haven't explored SIP as we aren't
> running any SIP application here yet.
> Another possibility would be a SIP proxy installed on the
> firewall, but it is not as secure as a filter.

asterisk IS a sip proxy.
