[Users] symmetric firewall without nat
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Apr 19 18:16:37 CEST 2007
Alexander Bergolth wrote:
> Hi!
>
> In our organization there are many subnets with public-ip-adresses that
> are behind stateful-firewalls that prevent incoming connections from
> outside. If the clients are in two different protected subnets, they
> won't be able to communicate without an rtpproxy.
>
> Unfortunately since there is no NAT involved, the nat_uac_test() won't
> be useful. Is there any other way for the server to detect that an
> rtpproxy has to be used?
No.
> Is there a way for the clients to detect it and
> report it to the server?
A client is possible to detect a symmetric firewall by use of STUN. But
AFAIK there is standard based way to inform the SIP proxy about the STUN
result. There are some clients which report the result of the STUN
process to the SIP proxy in a proprietary header (I think I have seen
this with SNOM). These header could be evaluated by the proxy.
The easy way would be to force the RTP proxy for all calls.
You could also check if a call is from and to a suspect IP address range
and acticvate the RTP proxy for these calls.
regards
klaus
More information about the sr-users
mailing list