[Freeswitch-users] IP PBX and NAT firewalls

Fred-145 codecomplete at free.fr
Fri Jan 8 05:03:00 PST 2010


Hello,

    I read a couple of thorough articles on SIP, and I'd like to make sure I
got things right when it comes to using SIP with NAT routers.
   
I know that, ideally, the IP PBX should be located in the DMZ to void
NAT-related issues in SIP, but SOHO routers don't necessarily support this,
so I'll assume that the SIP caller "Alice" and the IP PBX (eg. Freeswitch or
Asterisk) server are located in a non-routable, private LAN, while the
remote callee "Bob" is located on the Internet (either behind their own NAT
router, or connected with a public, routable address). The SIP phone of
Alice and Bob are both logged on to the Freeswitch server:

http://img46.imageshack.us/img46/5120/sipnatrouters.jpg

1. When Alice wants to call Bob, her SIP phone sends an SIP packet to the
Freeswitch server with her private IP address and a UDP port that it opened
to let incoming RTP packets from Bob

2. Freeswitch rings Bob's phone through the UDP port is used to register
with Freeswitch (usually, UDP5060). Bob's phone replies to Freeswitch with
his public IP address and the RTP port it chose to receive voice packets
from Alice

3. Once Bob picks up the phone, RTP voice packets flow directly between
Alice and Bob, while Freeswitch remains in the loop to handle call signaling
such as closing the connection when someone hangs up the call.

Provided this is how things work... there are three issues when one or all
SIP end-points are located in a (different) private LAN:
1. End-points use their private IP and a private UDP port for RTP. A server
has to translate this into a routable IP address, and...
2. it must negotiate with the NAT firewall to make sure this RTP port is
available, and if not, open some other port, and...
3. the server must rewrite the SDP packet to use this public port

I have a couple of questions:

1. Can Freeswitch/Asterisk handle this rewriting/negotiation?

2. Provided the NAT firewall doesn't support UPnP/NAT-PMP, does it mean I
must a) enable STUN in Freeswitch, b) set SIP end-points so that they use a
fixed port for RTP, and c) configure the NAT firewall to map this UDP port
to point to the SIP end-point?

3. Should SIP end-points be configured to use STUN/NAT, or should I let the
server handle the IP/port rewriting itself?

Thank you for any help.
-- 
View this message in context: http://old.nabble.com/IP-PBX-and-NAT-firewalls-tp27075600p27075600.html
Sent from the Freeswitch-users mailing list archive at Nabble.com.





More information about the FreeSWITCH-users mailing list