On Wed, Oct 11, 2006 at 09:32:07AM -0400, Martin Gignac wrote:
> On 10/11/06, ropers <[EMAIL PROTECTED]> wrote:
> >I've just had another thought:
> >
> >Why do the IP phones have to have public IPs?
> >
> >Is this because giving them NATted, private range IPs previously
> >didn't work so well?
>
> The VoIP phones Patrick is using are probably (my guess) using the
> Session Initiation Protocol (SIP) for signalling.
>
> http://en.wikipedia.org/wiki/Session_Initiation_Protocol
>
> SIP embeds IP information of the host (phone) inside the exchanged
> application messages and makes use of the Session Description Protocol
> whenever it tries to set up a voice call (using the INVITE
> transaction) so that both phones know which kind of voice/video
> stream encoding to expect, and on which port and IP it'll be coming
> to/from.
>
> http://en.wikipedia.org/wiki/Session_Description_Protocol
>
> If Patrick puts the phones behind a NAT box then the phones will have
> private IPs and will reflect these private IPs in whatever SIP
> messages they send out onto the Internet. Unfortunately, if "public"
> phones receive these SIP messages with private IPs they might try to
> contact said IPs, which will fail miserably. It's a similar issue to
> NAT and FTP, since FTP also embeds IP addresses inside the control
> stream of the FTP session. Hence this is why OpenBSD has ftp-proxy(8).
>
> If Patrick wants to use SIP behind NAT he'll need the added
> "intelligence" of an Application Level Gateway.
>
> http://en.wikipedia.org/wiki/Application-level_gateway
>
> An ALG tracks SIP sessions and performs all the necessary NATs and
> creates all the dynamic firewall rules to allow incoming and outgoing
> media traffic for phone calls.
>
> I don't think pf alone will fit the bill for this. That's why if he
> has public IPs available for the phones it might be the quickest route
> to success.
>
> Still, if you *are* stuck behind a NAT and you have SIP phones and you
> don't want to spend a fortune on an ALG there might be open source
> solutions (which I have never looked into) that will achieve the same
> thing.
>
> A quick search on Google did turn this up:
>
> http://siproxd.sourceforge.net/index.php?op=overview
>
> Could be interesting...
>
> -Martin

If my memory serves me right, SIP actually has ALG built into the standard itself and www.opensip.org might already give you what you want.
NAT traversal has been a problem for VoIP and there are several strategies. I am talking about UDP hole punching in my article. But you can do the same thing for TCP too, though it might not work as reliably as UDP.

http://www.linuxjournal.com/9004

But what I am wondering is, since this is a known issue, if there are any better and more elegant solutions already...

regards,
Girish
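
Added example, not part of the original thread: a short Python check that lists where a SIP INVITE and its SDP body carry RFC 1918 addresses, which are the fields an ALG has to rewrite for a phone behind NAT. The sample INVITE, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed, abbreviated INVITE from a phone behind NAT; all values are made up.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.org SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK74bf9\r\n"
    "From: <sip:alice@example.com>;tag=9fxced76sl\r\n"
    "Contact: <sip:alice@192.168.1.50:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.50\r\n"
    "c=IN IP4 192.168.1.50\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
SIP_HEADERS = ("via", "contact")   # signalling: where replies and requests go
SDP_FIELDS = ("o=", "c=")          # media: where the RTP stream should go

def private_addresses(text):
    """Return the RFC 1918 IPv4 addresses that appear in text."""
    found = []
    for candidate in IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:          # not a valid dotted quad, e.g. 999.1.1.1
            continue
        if any(ip in net for net in RFC1918):
            found.append(candidate)
    return found

def find_leaks(message):
    """List (section, field, address) for each private address the far end would use."""
    head, _, body = message.partition("\r\n\r\n")
    leaks = []
    for line in head.split("\r\n")[1:]:        # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in SIP_HEADERS:
            leaks += [("sip", name.strip(), a) for a in private_addresses(value)]
    for line in body.split("\r\n"):
        if line.startswith(SDP_FIELDS):
            leaks += [("sdp", line[:2], a) for a in private_addresses(line)]
    return leaks

if __name__ == "__main__":
    print(*find_leaks(SAMPLE_INVITE), sep="\n")
```

The Via and Contact hits are the signalling addresses and the o=/c= hits are the media address; NAT that only rewrites the packet headers leaves all four unchanged.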