From: Theunis B. <Th...@ac...> - 2003-10-16 08:00:11
>SIP (one of the two big VoIP communications protocols in use today - the
>other being H.323) is not NAT friendly - it embeds client IP address and
>port into the data stream, and uses UDP to RECEIVE calls.
>
>There are a couple of options available to address SIP issues:
>o Use of STUN. STUN is a service run by the REMOTE system that tries to
>tell the client if it is behind a NAT firewall, and if so what type. It has
>to be included in the client software to make use of it - and doesn't work
>in all cases.
>
>o -IF- the client allows, giving it the firewall's address and telling it to
>use that instead of its own IP address (some clients will allow this), and
>the use of port forwarding on the firewall to "open a hole" to the client
>box.
>
>o The use of a SIP gateway. In essence, you run a SIP-based PBX on the
>firewall that takes the call from the Internet and connects with the
>"extension" (in this case - the client box).
>
>o The use of a SIP proxy.
>
>NOTE: The netfilter people (aka the IPTables group) have said that
>fixing/changing IPTables to handle SIP is non-trivial and would require a
>massive rewrite of the IPTables core. They have indicated that the work
>would have to be sponsored by somebody - and nobody has currently stepped
>forward with the money.

if i understand correctly, which i don't, i think you have a point. some way of doing the peer to peer in a NAT environment?
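The quoted point that SIP embeds the client's IP address and port in the data stream can be seen by comparing those embedded values with the source address a server observes after NAT. This is an added example, not part of the original thread; the sample INVITE, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed SIP INVITE as sent by a client behind NAT (all values are made up).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.org SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.org>;tag=1928301774\r\n"
    "To: <sip:bob@example.org>\r\n"
    "Call-ID: a84b4c76e66710@192.168.1.20\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Contact: <sip:alice@192.168.1.20:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.20\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Places where the client writes its own address (a minimal, assumed set).
FIELDS = {
    "Via": re.compile(r"^Via:\s*SIP/2\.0/UDP\s+" + IPV4 + r"(?::(\d+))?", re.I | re.M),
    "Contact": re.compile(r"^Contact:.*?@" + IPV4 + r"(?::(\d+))?", re.I | re.M),
    "SDP c=": re.compile(r"^c=IN IP4 " + IPV4 + r"()", re.M),
}
MEDIA = re.compile(r"^m=audio (\d+) ", re.M)  # RTP port that pairs with c=

def embedded_addresses(message):
    """Return [(field, ip, port)] for each address the client put in the message."""
    found = []
    for name, rx in FIELDS.items():
        for m in rx.finditer(message):
            port = m.group(2) or None
            if name == "SDP c=":  # the media port lives on the m= line
                media = MEDIA.search(message)
                port = media.group(1) if media else None
            found.append((name, m.group(1), int(port) if port else None))
    return found

def nat_mismatches(message, observed_src_ip):
    """Embedded private addresses that differ from the source IP seen after NAT."""
    return [(f, ip, port) for f, ip, port in embedded_addresses(message)
            if ip != observed_src_ip and ipaddress.ip_address(ip).is_private]
```

Each mismatch is a field that a SIP proxy, gateway or STUN-aware client has to correct before replies and inbound UDP media can reach the client through the firewall.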