I would agree that it is not good to suggest or implement a solution that is not a "Best Practice" unless it is a last resort.


----- Original Message ----- From: "Bill Seddon" <[EMAIL PROTECTED]>
To: "'Asterisk Users Mailing List - Non-Commercial Discussion'" <[EMAIL PROTECTED]>
Sent: Friday, October 29, 2004 1:01 PM
Subject: RE: [Asterisk-Users] Suggestion re: SIP/NAT/*



Karl

Are you saying it is nonsense that there are difficulties using Asterisk and SIP
behind a NAT server? Or are you saying it is nonsense that SIP and NAT are
dangerous together?


Bill Seddon

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Karl Brose
Sent: October 29, 2004 5:49 PM
To: Benjamin on Asterisk Mailing Lists; Asterisk Users Mailing List -
Non-Commercial Discussion
Subject: Re: [Asterisk-Users] Suggestion re: SIP/NAT/*

NONSENSE

Benjamin on Asterisk Mailing Lists wrote:

On Thu, 28 Oct 2004 14:45:46 -0600, Ryan Courtnage <[EMAIL PROTECTED]>
wrote:


Yep, you can do this, just requires some port forwarding and special
considerations in sip.conf.



You are missing the point. There is no *solution* to SIP NAT traversal. All there is are *workarounds*, otherwise known as bad and rather dangerous hacks. Whether it works or not is highly dependent on external factors that you don't usually control. It also depends on the type of NAT/PAT your router is using, i.e. the router's particular NAT/PAT implementation.

The fact remains that SIP NAT traversal setups are highly insecure and
unreliable. Consider this to be the equivalent of locking your
apartment with duct tape. It may work for you, but you wouldn't
recommend it to anyone else UNLESS you wish them harm.

Now, this is valid for single NAT situations and it is even more valid
for double NAT situations.

If you want to do this properly without duct tape, then you will have
the three choices I mentioned:

- If you must use SIP, don't use NAT
- If you must use NAT, use IAX
- If you must use both SIP and NAT, build a tunnel

Anything else is improper and unprofessional.

rgds
benjk


_______________________________________________
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users



