> I have made some more progress since I made this post last week. I set > sip_direct_media to 0 (which indicates NAT should be performed for > media streams which don't come directly from endpoints) and > sip_external_media to 1 (I'm not clear on the purpose of this setting; > reading the description of the git commit > https://github.com/torvalds/linux/commit/a3419ce3 it appears to > prevent NAT for traffic that transits the router and egresses on the > same interface, this shouldn't be needed in my environment). With this > configuration some of the IPs in the SDP traffic were NATed correctly. With this configuration in place and after removing the additional "media NAT" entries I had created I have my RTP sessions correctly NATed. We discovered that a NGFW in another part of the network was blocking some of the RTP traffic which caused some of our missing media stream issues. I'm not certain if sip_external_media should be required, this setting appears to prevent NAT in a way that shouldn't be required in my environment, however it didn't work in initial testing. This setting may not be necessary. We did encounter some issues with undirectional RTP streams for music on hold but have seen this with other SIP hardware in the past. I may document this issue in more detail in the future. Is there a place I could record information about these settings and my (limited) understanding of them, to help other people in the future? It seems like they might be mentioned on this page https://people.netfilter.org/chentschel/docs/sip-conntrack-nat.html but that doesn't appear to be part of the regular netfilter documentation. -JohnF
