>> asterisk <-> nat <-> nat <-> sip client = big pain in the neck. >> >> I have never managed to get this to work. Getting the below >> was trouble >> enough. Forget about trying to get an asterisk box behind a >> nat to work >> with clients outside. >> >> asterisk <-> nat <-> sip client. > > Yes, you will need a specific SIP iptables filter for this to > work from behind a firewall. Getting it to work with a firewall is not a problem...it is getting the thing to work with a natting firewall that is the problem. If one end is natted, you can still do some tricks to get it to work but if both ends are natted, forget it. > > I know of an H.323 filter, but haven't explored SIP as we aren't > running any SIP application here yet. > > Another possibility would be a SIP proxy installed on the > firewall, but it is not as secure as a filter. asterisk IS a sip proxy.