Hi, On Tue, 14 Aug 2007 14:48:30 +0000 (UTC) Mateus Interciso <[EMAIL PROTECTED]> wrote:
> Ok, thanks a lot, this for sure cleared a lot of troubles I was having on > my head. :-) The thing is, the more deeper you look into things, the more you get aware that they are more simple than you thought. > But for the SIP stuff, I have just one client, built the firewall using > fwbuilder (sometimes is more easier), and for instance here's the SIP > part on the nat table: > 0 0 DNAT udp -- any any anywhere > 200.*.*.* udp dpt:5060 to:10.0.0.112 > Is this wrong? Looks right... (actually, I'm unsure about that 200.*.*.*) but... see below... > Because the strange thing, is that it works for someplaces, but not for > others, and we really didn't had this issues with w2k3 routing stuff. Yeah, not having done a lot with SIP, I had another look into that matter. SIP seems to have the IP addresses of the clients that come into play inside the SIP messages. I.e., if your SIP phone or SIP client isn't aware of your _external_ IP, it will inform the other end about a private IP on your end, since that's all the SIP phone/client has. There is an information protocol that can make the SIP phone/client make aware of the real address (obviously, the gateway must support this, and the SIP phone/client too). I would start to try the netfilter modules, which claim (I didn't check) that they mangle SIP packages accordingly. A short introduction is here: http://people.netfilter.org/chentschel/docs/sip-conntrack-nat.html If that doesn't work and if your phone supports specifying a proxy, I would go that road instead. -hwh -- [EMAIL PROTECTED] mailing list
