Ross S. W. Walker wrote:
Feizhou wrote:
asterisk <-> nat <-> nat <-> sip client = big pain in the neck.
I have never managed to get this to work. Getting the below
was trouble
enough. Forget about trying to get an asterisk box behind a
nat to work
with clients outside.
asterisk <-> nat <-> sip client.
Yes, you will need a specific SIP iptables filter for this to
work from behind a firewall.
Getting it to work with a firewall is not a problem...it is
getting the
thing to work with a natting firewall that is the problem. If
one end is
natted, you can still do some tricks to get it to work but if
both ends
are natted, forget it.
Well that was the idea behind the ipfilter stuff. It will change
the IPs in the protocol stream to compensate for the NAT.
It looks like there is a netfilter sip conntrack module.
I face the same problem trying to do H.323 behind a NAT'd firewall.
Man, I stopped playing with netmeeting and gnomemeeting quite some time
ago while waiting for ekiga to be available to support my video...only
that you cannot compile the thing on Centos 4 without some major surgery.
I know of an H.323 filter, but haven't explored SIP as we aren't
running any SIP application here yet.
Another possibility would be a SIP proxy installed on the
firewall, but it is not as secure as a filter.
asterisk IS a sip proxy.
Yes, well what I was hinting at was a dumbed-down install of
asterisk installed ON the firewall that would be responsible
for handing off calls coming in to and out of the network
from/to another larger asterisk system.
You still have to setup the sip configuration to handle that. Not much
dumb downing on that aspect.
That is the setup I had to do with GNU gatekeeper and H.323 since
at the time I wasn't able to get the ipfilter h.323 filter to
work properly with my Polycom system.
Ugh. Is that good luck with the sip conntrack module then?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
