> On Tue, Dec 14, 2004 at 12:18:41PM +0100, Zelmans, Bernard wrote:
> > Is there some iptables code that supports SIP:
> > -opening the pinhole
> > -modify the IP address of the end point in the signaling so that the rtp channel is opened properly
> > -closing the pinhole when the call is terminated
> > -preventing DOS attacks
>
> No, but contributions/patches are always welcome.
>
> As for now, I think running siproxd (including rtp proxy) is the best you can get.
>

People have been talking/asking for a SIP ALG for a long time. Making a rudimental one is not too hard. You can check the Linksys router's GPL code. The latest code of wrt54g has a SIP conntrack. It is ok to make basic phone calls.

SIP is a quite complex and flexible protocol. When it gets to some features, I haven't seen a working SIP ALG yet. For example, with Linksys' SIP conntrack, if you have two phones behind the same NAT and calling between each other, with certain phones the SIP CANCEL message can't be processed properly. So if one side hangs up before the other side picks up, the callee still keeps getting the ring.

If you only worry about SIP messages having the default 3 minutes timeout, there is a new contribution for a jump TARGET to change the timeout value. For media to pass through, you can use some kind of rtp proxy sitting on the public internet.

Richard
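
An added example, not part of the original message and not netfilter or Linksys code: a minimal Python sketch of the pinhole lifecycle asked about in the thread (record the RTP endpoint from an INVITE's SDP, rewrite the signaled address, close on BYE or CANCEL, cap the table). The function names, the 1024-entry cap, the addresses and the sample messages are constructed assumptions; a real ALG would also track responses, the `o=` line and timeouts.

```python
import re

MAX_PINHOLES = 1024  # assumed cap so a flood of INVITEs cannot exhaust the table

def header(msg, name):
    """Return the value of a SIP header, or None if it is absent."""
    m = re.search(rf"^{name}:\s*(.+?)\r?$", msg, re.M | re.I)
    return m.group(1) if m else None

def process(msg, pinholes, public_ip):
    """Track one SIP request; return the (possibly rewritten) message."""
    method = msg.split(" ", 1)[0]
    call_id = header(msg, "Call-ID")
    if call_id is None:
        return msg
    if method in ("BYE", "CANCEL"):
        # CANCEL is sent when the caller hangs up before the callee answers;
        # it has to close the pinhole just like BYE, or the state lingers.
        pinholes.pop(call_id, None)
        return msg
    if method != "INVITE" or "\r\n\r\n" not in msg:
        return msg
    head, body = msg.split("\r\n\r\n", 1)
    conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    media = re.search(r"^m=audio (\d+) ", body, re.M)
    if not conn or not media:
        return msg
    if call_id not in pinholes and len(pinholes) >= MAX_PINHOLES:
        raise RuntimeError("pinhole table full, refusing new call")
    pinholes[call_id] = (conn.group(1), int(media.group(1)))
    # Rewrite the private media address, then fix Content-Length to match.
    body = re.sub(r"^(c=IN IP4 )\S+", rf"\g<1>{public_ip}", body, flags=re.M)
    head = re.sub(r"^(Content-Length:\s*)\d+", rf"\g<1>{len(body.encode())}",
                  head, flags=re.M | re.I)
    return head + "\r\n\r\n" + body

# Constructed sample messages (not captured traffic).
SAMPLE_BODY = ("v=0\r\no=alice 1 1 IN IP4 192.168.1.10\r\ns=-\r\n"
               "c=IN IP4 192.168.1.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")
SAMPLE_INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
                 "Call-ID: demo1@192.168.1.10\r\nCSeq: 1 INVITE\r\n"
                 f"Content-Length: {len(SAMPLE_BODY)}\r\n\r\n" + SAMPLE_BODY)
SAMPLE_CANCEL = ("CANCEL sip:bob@example.com SIP/2.0\r\n"
                 "Call-ID: demo1@192.168.1.10\r\nCSeq: 1 CANCEL\r\n\r\n")
```

Feeding `SAMPLE_INVITE` and then `SAMPLE_CANCEL` through `process` with the same dictionary shows the entry being created and then removed before any answer arrives, which is the case the message above reports as mishandled.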