Hi,

On Fri, 16 Nov 2007, Mateus Interciso wrote:

> I am currently using iptables NAT for routing the internet through 2
> different sub-networks, and we are having some trouble with the NAT,
> specially for VoIP,

Is the problem that you can make calls out but you sometimes can't receive them? Actually, it's possible some VoIP calls wouldn't work the other way either, if the user at the far end is also behind NAT.

http://en.wikipedia.org/wiki/Network_address_translation#Different_types_of_NAT
http://www.it46.se/wsis/show_entry.php?id=12

> so I was thinking if it's possible to make a router (like a CISCO IOS)
> using Zebra, that will, in other words, share the Internet through the
> sub-networks, without using NAT, or in a better way.

No idea. Sounds vaguely similar to Full Cone NAT. I'd say a SIP proxy on the edge of the network is probably what you want for this.

> The question for this, is that we had a w2k3 server sharing the internet,
> and the VoIP was fine, since we changed the w2k3 for a Linux Box, the
> VoIP started acting very strangely, and I'm really running out of options
> here to make it fix

I wonder does the Win2K machine provide a looser type of NAT compared to your Linux firewall? Full cone NAT and Restricted cone NAT can both be worked around by smart SIP clients using STUN and some other techniques.

http://en.wikipedia.org/wiki/NAT_traversal
http://ekiga.org/index.php?rub=3&pos=0&faqpage=x161.html

I think iptables usually does "Port restricted cone NAT" which makes SIP difficult. If both ends are behind that sort of NAT, I don't think a TCP connection can be initiated between them.

I suspect you can probably craft iptables rules to do varying types of NAT. An explicit port forward to each client would appear to be one way.

http://lists.netfilter.org/pipermail/netfilter/2007-April/068463.html

Gavin
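
The three NAT filtering behaviours named in the reply above, as an added example that is not part of the original message: a small Python model of which inbound packets each type forwards after an internal phone has sent one packet to a SIP proxy. The class and function names are hypothetical, all addresses are constructed documentation-range values, and only the inbound filtering rule is modelled (no timeouts, no connection tracking helpers).

```python
FULL_CONE = "full cone"
RESTRICTED = "restricted cone"
PORT_RESTRICTED = "port restricted cone"

class Nat:
    """Toy NAT: one external port per internal endpoint, filtering by kind."""
    def __init__(self, kind, public_ip="192.0.2.1"):
        self.kind = kind
        self.public_ip = public_ip
        self.next_port = 50000
        self.mappings = {}    # (int_ip, int_port) -> external port
        self.contacted = {}   # external port -> {(remote_ip, remote_port)}

    def outbound(self, src, dst):
        """Internal src sends to dst; returns the external (ip, port) used."""
        if src not in self.mappings:
            self.mappings[src] = self.next_port
            self.next_port += 1
        ext_port = self.mappings[src]
        self.contacted.setdefault(ext_port, set()).add(dst)
        return (self.public_ip, ext_port)

    def inbound(self, remote, ext_port):
        """Return the internal endpoint the packet reaches, or None if dropped."""
        internal = next((s for s, p in self.mappings.items() if p == ext_port), None)
        if internal is None:
            return None                      # no mapping: always dropped
        seen = self.contacted[ext_port]
        if self.kind == FULL_CONE:
            allowed = True                   # any sender may use the mapping
        elif self.kind == RESTRICTED:
            allowed = remote[0] in {ip for ip, _ in seen}   # IP must match
        else:
            allowed = remote in seen         # IP and port must both match
        return internal if allowed else None

def probe(kind):
    """After one packet from the phone to the proxy, who can reach the phone?"""
    nat = Nat(kind)
    phone = ("10.0.0.20", 5060)              # constructed internal SIP client
    proxy = ("203.0.113.10", 5060)           # constructed SIP proxy
    peer = ("198.51.100.7", 40000)           # constructed far-end caller
    _, ext_port = nat.outbound(phone, proxy)
    return {
        "proxy_same_port": nat.inbound(proxy, ext_port) is not None,
        "proxy_other_port": nat.inbound((proxy[0], 5062), ext_port) is not None,
        "unsolicited_peer": nat.inbound(peer, ext_port) is not None,
    }

if __name__ == "__main__":
    for kind in (FULL_CONE, RESTRICTED, PORT_RESTRICTED):
        print(f"{kind:22} {probe(kind)}")
```
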