SIP just isn't firewall/NAT friendly. I've been thinking of writing a pcap-based sniffer that modifies firewall rules using my dfd_keeper stuff to support SIP and other protocols across a pf firewall.
Of course, with IAX/IAX2 it's much easier, since they only use one UDP port. If you can talk SIP locally to the asterisk box and IAX externally to a provider, it'd be much easier. I used to do that, but for some reason FWD's free IAX gateway no longer seems to work. It could be worse, you could be talking H.323... ;-)

--
http://www.lightconsulting.com/~travis/ -><- GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
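Why SIP needs per-call help from the firewall, as an added example that is not part of the original post and is not dfd_keeper code: the SDP body of an INVITE names the address and UDP ports for the media, separately from the signalling port, and often advertises an address that is unreachable from outside the NAT. The function names and the sample message are constructed for illustration.

```python
import ipaddress

# Constructed SIP INVITE (not captured traffic). Signalling uses 5060; the SDP
# body after the blank line names a different address and port for the media.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.net SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20",
    "s=-",
    "c=IN IP4 192.168.1.20",
    "m=audio 49170 RTP/AVP 0 8",
    "m=video 0 RTP/AVP 31",   # port 0: stream declined, nothing to open
])

def _unroutable(addr):
    """True/False for an IP literal, None when the SDP carries a hostname."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return None

def media_pinholes(sip_message):
    """List (media, address, udp_port, unroutable) for every RTP and RTCP flow."""
    _, _, sdp = sip_message.partition("\r\n\r\n")
    session_addr, streams = None, []
    for line in sdp.splitlines():
        kind, _, value = line.partition("=")
        fields = value.split()
        if kind == "c" and len(fields) == 3:
            addr = fields[2].split("/")[0]          # drop multicast TTL suffix
            if streams:
                streams[-1]["addr"] = addr          # media-level c= overrides
            else:
                session_addr = addr
        elif kind == "m" and len(fields) >= 3:      # m=<media> <port>[/<n>] <proto> ...
            port, _, count = fields[1].partition("/")
            streams.append({"media": fields[0], "port": int(port), "addr": None,
                            "count": int(count or 1), "proto": fields[2]})
    flows = []
    for s in streams:
        addr = s["addr"] or session_addr
        if s["port"] and addr and s["proto"].startswith("RTP/"):
            for i in range(s["count"]):
                rtp = s["port"] + 2 * i             # RTCP is the next port up
                flows += [(s["media"], addr, p, _unroutable(addr)) for p in (rtp, rtp + 1)]
    return flows
```

Each tuple is one UDP flow a stateful filter would have to permit for the call, and a `True` in the last field marks an advertised address the far end cannot reach without NAT rewriting.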
