[Serusers] symmetric nat/ broadband routers

Hans Eriksson hansa at mac.com
Thu Dec 4 18:12:39 CET 2003


Klaus,

Many commercial-grade firewalls do not keep sessions alive, regardless 
of external pings, so it won't work in rather too many cases.

Also, assuming many users (10k, 100k), doing natpings will be heavy.

But alas, NATs are a hack and maybe the only remedies will also be 
hacks, with all the pros and cons.

cheers
/hans

On 4 Dec 2003 at 17:43, Klaus Darilion wrote:

> Yes, the ports at the client are identical, but the NAT router uses
> other ports at the public interface, e.g. if the client behind the NAT
> uses port 5060 for SIP (send&receive), the NAT's public interface may
> use for example port 50000. Therefore, the client listens on port 5060,
> but the packets have to be sent to port 50000 of the public IP address
> and then the NAT router rewrites the port back to 5060. Hence, the
> nathelper module rewrites the IP address and the port in the contact
> header before saving them in the location database.
>
> If the session in the NAT router times out although using natping,
> that's a pity. Maybe it helps to ping the proxy from the client, e.g. the
> budgetone phones support keep alive pinging.
>
> Klaus
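
The Contact rewrite Klaus describes, as an added example that is not part of the original thread and is not nathelper's own code: the registrar compares the address advertised in the Contact header with the address the packet actually arrived from and stores the latter. The function name, the sample REGISTER and the addresses 192.168.1.10 and 203.0.113.7 are constructed for illustration; ports 5060 and 50000 are the ones from the message.

```python
import re

# host[:port] of the first sip:/sips: URI in a Contact value.
# Assumption: IPv4 addresses or hostnames only (no bracketed IPv6).
_URI = re.compile(r"(sips?:(?:[^@>;\s]+@)?)([^:;>\s]+)(?::(\d+))?", re.I)


def rewrite_nated_contact(message, src_ip, src_port):
    """Replace the Contact host:port with the address the packet arrived from.

    Hypothetical helper: src_ip/src_port are what the proxy saw on the wire,
    i.e. the NAT router's public mapping, not what the client believes.
    """
    head, sep, body = message.partition("\r\n\r\n")
    lines = []
    for line in head.split("\r\n"):
        name, colon, value = line.partition(":")
        if colon and name.strip().lower() in ("contact", "m"):  # "m" = compact form
            m = _URI.search(value)
            if m:  # "Contact: *" has no URI and is left alone
                advertised = (m.group(2), int(m.group(3) or 5060))
                if advertised != (src_ip, src_port):
                    value = value[:m.start(2)] + f"{src_ip}:{src_port}" + value[m.end():]
                    line = name + colon + value
        lines.append(line)
    return "\r\n".join(lines) + sep + body


# Constructed sample: a client behind NAT advertises its private address.
SAMPLE_REGISTER = (
    "REGISTER sip:example.org SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bKconstructed\r\n"
    "From: <sip:alice@example.org>;tag=1\r\n"
    "To: <sip:alice@example.org>\r\n"
    "Call-ID: constructed-1@192.168.1.10\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:alice@192.168.1.10:5060>;expires=3600\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    # The packet arrived from the NAT's public side on port 50000.
    print(rewrite_nated_contact(SAMPLE_REGISTER, "203.0.113.7", 50000))
```
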



