The SIP protocol is designed in a way that makes it tough to work with NAT. The two SIP endpoints dynamically determine the ports to use for the RTP (voice) data. Port 5060 is only used for control messages.
People have gotten SIP to work via a firewall (or iptables) but it's not a trivial thing. I avoid this problem by putting an Asterisk server at each location that has SIP devices and to inter-location communication via IAX (which does NOT have problems with NAT). Another way to deal with this is to run a VPN or IP tunnel between the network the SIP device is on and the network the Asterisk server is on. However, you can get very poor quality calls with this (since many VPN systems use TCP rather than UDP). On Fri, 2003-08-01 at 03:03, Dave Cotton wrote: > Am I the only person in the * world who can't get a sip connection > through an iptables firewall? > > I've got everything else working fine. > Xten <-> PSTN, Xten <-> Analog, IAX <-> IAX, but > exten => 3733,1,Dial(SIP/[EMAIL PROTECTED]) ; > evades me, ngrep @ port 5060 says the INVITES go out but how do I get > something back? -- BTEL Consulting 850-484-4535 x2111 (Office) 504-595-3916 x2111 (Experimental) 877-552-0838 (Backup Phone) _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
