[Serusers] nathelper/rtpproxy when both SIP UA are behind same NAT

sip sip at arcdiv.com
Mon Dec 5 00:13:24 CET 2005


On Mon, 05 Dec 2005 00:43:19 +0200, Jan Henkins wrote
> Interesting! In my particular case, it's a Netgear ADSL router 
> running a version of uCLinux or something similar. The Netgear 
> firmware is apparently available for download (minus some proprietary 
> WWW frontend and related stuff) in order to comply with the GPLv2, but 
> I haven't taken the time to do this in order to check which 
> Netfilter modules are being used by the particular 2.4.x kernel. In 
> any case, I'm not particularly good at C, so it wouldn't do me any 
> good anyway. However, in my experience the "statefulness" of a Linux 
> Netfilter-based gateway should be sufficient to be able to handle a 
> situation like this transparently, unless there is still something 
> fundamental that I'm missing.
> 
> Be that as it may, the simple question still remains: is it possible 
> to handle more than one UA behind a single NAT gateway with a single 
> SER setup on the outside of the NAT gateway (RFC 1918 address space 
> inside, normal routable IP outside)? Alternatively, would it be best 
> to have an inside SER that simply forwards all SIP traffic to the 
> outside SER?
> 


If the gateway has no issues with hairpinning, then yes, it's quite possible.
I use a Linksys gateway at home and a slightly older, pre-sip-proxy version
of Astaro Linux firewall at work, and we have multiple UAs behind each in the
NAT space of our firewall. They can call each other. They can call outside. All
based off registrations with a SER server on the outside of the network. 

Netgear specifically has some serious issues both with hairpinning and with
just plain ol' SIP. Netgear makes some mighty unfriendly gateways. :)

If you can't do it, though, it makes sense to set up some sort of proxy on the
inside of the NAT that all the UAs register with, and have it pass things back
and forth... forwarding the necessary data from outside to the server on the
inside using port-forwarding rules. For some of our customers, we've
recommended Asterisk setups inside their NAT, just to make the passing of RTP
packets more rational. You don't have to worry about individual client UA RTP
settings, you can just worry about forwarding the RTP ports to Asterisk, and
then inside the NAT do anything you wish. Since SER doesn't manage RTP, using
just SER becomes problematic if your UAs are not homogeneous. 

N.



