[Serusers] Running SER Server behind NAT
Michael Grigoni
michael.grigoni at cybertheque.org
Thu May 11 19:23:33 CEST 2006
Alan wrote:
> Thanks for responding.
>
> I was referring to the SIP server interface defined with a non-routable
> class A (10.x.x.x) IP address for example. The PIX firewall is configured
> with a static NAT translation (12.x.x.x <--> 10.x.x.x) and an access control
> list which directs traffic destined for port 5060 outside global address to
> the NAT'ed inside address.
Indeed, the only workable solution we found is to run 'ser' on the 'nat
router' itself, which in our case is a border router running OpenBSD on
sparc. 'ser' is configured to listen on the router's public ip and on
the internal (NAT'ed) private (RFC 1918) networks; we run 'rtpproxy' on
the same host to handle the rtp payload with internal UAs which are
clients on private (RFC 1918) addresses.
Our 'ser.cfg' is somewhat more complicated than is usual for a small
network.
I have not really investigated using NAT-T in this scenario.
Regards,
Michael Grigoni
Cybertheque Museum
More information about the sr-users
mailing list