You could create an alias for the inbound IPs for SIP/RTC and limit the
source on the NAT rule with that alias. Then your WebRTC users will
be unaffected because their src/dst/port triplet will not match that
NAT. - see IP address


On Sat, 2018-03-10 at 21:19 -0500, Moshe Katz wrote:
> I have an installation with a single public IP address that uses an
> Asterisk PBX connected to a Twilio SIP Trunk. The provider does not
> offer additional IP addresses.
> Right now, in order for the SIP audio to work, I need to forward UDP
> ports 10000-20000 to the PBX since Twilio says media can come on any
> of those ports.
> However, this breaks the ability of other users on that connection to
> use WebRTC media because WebRTC uses that same port range for media.
> The only real information that I have found discussed in the past is
> about using siproxd in the case of having multiple SIP devices inside
> the firewall to allow all of them to use port 5060 (SIP signaling) and
> have the firewall rewrite the SIP traffic for each one.
> However, I can't seem to find any information about my use-case of a
> single SIP device and not having to forward the ports for the media.
> Can siproxd help me with that?
> Any other ideas?
> Thanks,
> Moshe
> --
> Moshe Katz
> --
> -- +1(301)867-3732
> _______________________________________________
> pfSense mailing list
> Support the project with Gold!
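The source-restricted forward suggested in the reply, modelled as an added example that is not part of the original thread or of pfSense itself: it compares an "any source" forward of UDP 10000-20000 with one limited to an alias, and shows which inbound packets each one redirects to the PBX. The alias networks and the PBX address are constructed placeholders, and `PortForward`, `route_inbound` and `audit` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholders (RFC 5737 documentation ranges), NOT real provider
# addresses; take the real media ranges from the SIP provider's documentation.
SIP_MEDIA_ALIAS = ("198.51.100.0/26", "203.0.113.64/27")
PBX_ADDR = "192.168.1.10"  # hypothetical internal PBX address


@dataclass(frozen=True)
class PortForward:
    proto: str
    sources: tuple  # empty tuple means source "any"
    port_lo: int
    port_hi: int
    target: str

    def matches(self, proto, src, dport):
        if proto != self.proto or not self.port_lo <= dport <= self.port_hi:
            return False
        if not self.sources:
            return True
        addr = ipaddress.ip_address(src)
        return any(addr in ipaddress.ip_network(net) for net in self.sources)


def route_inbound(rules, proto, src, dport):
    """Return the target of the first matching forward, or None when no
    forward applies and the packet is left to existing states/other rules."""
    for rule in rules:
        if rule.matches(proto, src, dport):
            return rule.target
    return None


def audit(rule, max_open_ports=100):
    """Flag a forward that exposes a wide port range to any source."""
    width = rule.port_hi - rule.port_lo + 1
    return not rule.sources and width > max_open_ports


open_rule = PortForward("udp", (), 10000, 20000, PBX_ADDR)
scoped_rule = PortForward("udp", SIP_MEDIA_ALIAS, 10000, 20000, PBX_ADDR)

if __name__ == "__main__":
    for src in ("198.51.100.20", "192.0.2.77"):  # trunk media vs. WebRTC peer
        print(src,
              "open ->", route_inbound([open_rule], "udp", src, 15000),
              "| scoped ->", route_inbound([scoped_rule], "udp", src, 15000))
```
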