Feizhou wrote: > > >> asterisk <-> nat <-> nat <-> sip client = big pain in the neck. > >> > >> I have never managed to get this to work. Getting the below > >> was trouble > >> enough. Forget about trying to get an asterisk box behind a > >> nat to work > >> with clients outside. > >> > >> asterisk <-> nat <-> sip client. > > > > Yes, you will need a specific SIP iptables filter for this to > > work from behind a firewall. > > Getting it to work with a firewall is not a problem...it is > getting the > thing to work with a natting firewall that is the problem. If > one end is > natted, you can still do some tricks to get it to work but if > both ends > are natted, forget it. Well that was the idea behind the ipfilter stuff. It will change the IPs in the protocol stream to compensate for the NAT. I face the same problem trying to do H.323 behind a NAT'd firewall. > > > > I know of an H.323 filter, but haven't explored SIP as we aren't > > running any SIP application here yet. > > > > Another possibility would be a SIP proxy installed on the > > firewall, but it is not as secure as a filter. > > asterisk IS a sip proxy. Yes, well what I was hinting at was a dumbed-down install of asterisk installed ON the firewall that would be responsible for handing off calls coming in to and out of the network from/to another larger asterisk system. That is the setup I had to do with GNU gatekeeper and H.323 since at the time I wasn't able to get the ipfilter h.323 filter to work properly with my Polycom system. -Ross ______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.