On Mon, 05 Dec 2005 00:43:19 +0200, Jan Henkins wrote:
> Interesting! In my particular case, it's a Netgear ADSL router
> running a version of uCLinux or something similar. The Netgear
> firmware is apparently available for download (minus some proprietary
> WWW frontend and related stuff) in order to comply with the GPLv2, but
> I haven't taken the time to do this in order to check which
> Netfilter modules are being used by the particular 2.4.x kernel. In
> any case, I'm not particularly good at C, so it wouldn't do me any
> good anyway. However, in my experience the "statefulness" of a Linux
> Netfilter-based gateway should be sufficient to be able to handle a
> situation like this transparently, unless there is still something
> fundamental that I'm missing.
>
> Be that as it may, the simple question still remains: is it possible
> to handle more than one UA behind a single NAT gateway with a single
> SER setup on the outside of the NAT gateway (RFC 1918 address space
> inside, normal routable IP outside)? Alternatively, would it be best
> to have an inside SER that simply forwards all SIP traffic to the
> outside SER?

If the gateway has no issues with hairpinning, then yes, it's quite possible.
I use a Linksys gateway at home and a slightly older, pre-sip-proxy version
of Astaro Linux firewall at work, and we have multiple UAs behind each in the
NAT space of our firewall. They can call each other. They can call outside. All
based off registrations with a SER server on the outside of the network.

Netgear specifically has some serious issues both with hairpinning and with
just plain ol' SIP. Netgear makes some mighty unfriendly gateways. :)

If you can't do it, though, it makes sense to set up some sort of proxy on the
inside of the NAT that all the UAs register with, and have it pass things back
and forth... forwarding the necessary data from outside to the server on the
inside using port-forwarding rules. For some of our customers, we've
recommended Asterisk setups inside their NAT, just to make the passing of RTP
packets more rational. You don't have to worry about individual client UA RTP
settings, you can just worry about forwarding the RTP ports to Asterisk, and
then inside the NAT do anything you wish. Since SER doesn't manage RTP, using
just SER becomes problematic if your UAs are not homogeneous.

N.