Christopher Chan wrote: >> Now I have to hop over to the Asterisk list to figure why with one >> firewall the INVITE properly redirects the RTP to the RTP server, and >> the with the other firewall this is not in the INVITE so the RTP flow >> does not..... ARGH!!!!! >> > > I hope you are not trying to get around a double nat situation. client > -> nat <-> nat <- asterisk. > > I never managed to get things to work in that scenario. I have a vpn > setup to get things to work. No. That in part of my frustration. I have 64 publicly routed addresses. My open net is 8 addresses, for 6 systems. DSL router and so far 2 firewalls standard (occational honeypot). I assigned 8 addresses for my VoIPnet. All Trixboxes on VoIPnet have 2 NICs. Their second NIC is to an 192.168 addressed net with the various VoIP clients. So I have a WRT54g running sveasoft with NAT turned off. But even with NAT turned off, the box is basically brain-dead. It would only allow the ONE server defined as the DMZ server to be accessed even when the firewall is disabled! And I have 2 Trixboxes (part of my testing. Have to learn DUNDI too). So I now have a REAL firewall; well Centos wiht Shorewall. And it seemed to be working, but the SIP/SDP INVITE when I have the sveasoft box has a redirect from the SIP server to the actual RTP server. But with Shorewall, that information is NOT in the INVITE so the SIP server responds with an ICMP of no such port. And so far I have not figured this out...