Hello,
If you are really interested in having SER within a NATed network or running on the firewall/NAT itself, maybe you could give the fcp module a try. It relies on a client side, which is added as a module to SER, and a server side, running on the firewall/NAT (with iptables).
The module keeps track of sessions similar to a B2BUA. When a new request for a session comes (INVITE, SUBSCRIBE, MESSAGE, etc.) from an internal client, the fcp module learns the external IP address and a port on the firewall and makes several changes to the SIP message. In the current implementation, Contact and SDP can be changed before sending any request through the firewall/NAT. When responses come back (200 OK with SDP), the firewall ports are open for media to flow. Ports are closed after expiration of rules or because CANCEL/BYE are issued from any of the end points.
This has been tested so far in the following scenario:
SIP UA1 ----- SER+fcp module ------ NAT/FW(fcpd) --------- SER ----------- SIP UA2
With the current version of fcpd (http://www.iptel.org/fcp/) I have not been successful in establishing a media connection, but you might be luckier :)
However, the previous version worked for me on several occasions (I could hear audio to and from SIP UA1/SIP UA2).
If you are interested in giving it a try, let me know and we'll see how far we get.
Jaime
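
The Contact and SDP rewrite described in the message above, as an added example that is not part of the original e-mail and is not the fcp module's code. The function name, the sample INVITE, the external address 203.0.113.5 and the port mapping are all assumptions; how the mapping is obtained from the firewall is not shown.

```python
import re

# Constructed sample: INVITE from an internal UA at 192.168.1.10 (RFC 1918).
SAMPLE_INVITE = (
    "INVITE sip:ua2@example.org SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:ua1@example.org>;tag=1928301774\r\n"
    "To: <sip:ua2@example.org>\r\n"
    "Call-ID: a84b4c76e66710@192.168.1.10\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:ua1@192.168.1.10:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "Content-Length: 114\r\n"
    "\r\n"
    "v=0\r\n"
    "o=ua1 2890844526 2890844526 IN IP4 192.168.1.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

# Contact header (or compact form "m"): capture up to the URI host[:port].
CONTACT = re.compile(r"(?im)^((?:Contact|m)\s*:.*?sips?:(?:[^@>\s]+@)?)[^;>\s]+")
# Content-Length header (or compact form "l").
CLEN = re.compile(r"(?im)^((?:Content-Length|l)\s*:\s*)\d+")

def rewrite_for_nat(msg, ext_ip, ext_sip_port, rtp_map):
    """Hypothetical helper: put the NAT's external address into Contact and SDP.

    rtp_map maps internal RTP ports to the external ports opened on the firewall.
    """
    head, sep, body = msg.partition("\r\n\r\n")
    head = CONTACT.sub(lambda m: f"{m.group(1)}{ext_ip}:{ext_sip_port}", head)
    lines = []
    for line in body.split("\r\n"):
        if line.startswith("c=IN IP4 "):
            line = f"c=IN IP4 {ext_ip}"          # media connection address
        elif line.startswith("m="):
            media, port, rest = line[2:].split(" ", 2)
            # Only ports with an allocated pinhole are mapped; others stay as-is.
            new_port = rtp_map.get(int(port), port) if port.isdigit() else port
            line = f"m={media} {new_port} {rest}"
        lines.append(line)                        # o= is an identifier, left alone
    body = "\r\n".join(lines)
    # The body length changed, so Content-Length has to be recomputed.
    head = CLEN.sub(lambda m: m.group(1) + str(len(body.encode())), head)
    return head + sep + body
```
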
"Hans Scheffers" hans.scheffers@xs4all.nl on 06/05/2003 13:32:16
To: serusers@lists.iptel.org cc: (bcc: Jaime GILL/EN/HTLUK)
Subject: RE: [Serusers] Firewall
NAT, I have one public IP. The problem with iptables/ipchains is the way they filter compared to Cisco and so on.
Hans Scheffers JifLin B.V. Leliestraat 7 7151 GH Eibergen
-----Original message-----
From: Jan Janak [mailto:jan@iptel.org]
Sent: Tuesday, 6 May 2003 12:18
To: Hans Scheffers
CC: serusers@lists.iptel.org
Subject: Re: [Serusers] Firewall
BTW, are you behind a NAT or just a firewall?
Jan.
On 06-05 11:36, Hans Scheffers wrote:
But are there developers working on it?
Hans Scheffers JifLin B.V. Leliestraat 7 7151 GH Eibergen
-----Original message-----
From: Jan Janak [mailto:jan@iptel.org]
Sent: Tuesday, 6 May 2003 11:18
To: Juha Heinanen
CC: Hans Scheffers; serusers@lists.iptel.org
Subject: Re: [Serusers] Firewall
On 06-05 07:54, Juha Heinanen wrote:
Jan Janak writes:
I have an Astaro Linux Firewall. This firewall blocks everything (what I want :)), and is based on iptables.
if it is based on iptables, then the right solution is to write a sip helper application for iptables. everything else is hackery.
And this is very tricky, that is the reason why there is no such helper application yet.
Jan.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers