You could create an alias for the inbound IPs for SIP/RTC and limit the source on the NAT rule with that alias. Then your WebRTC users will be unaffected because their src/dst/port triplet will not match that NAT.
https://www.twilio.com/docs/api/voice/sip-interface - see IP address whitelist.

Cheers
Jon

On Sat, 2018-03-10 at 21:19 -0500, Moshe Katz wrote:
> I have an installation with a single public IP address that uses an
> Asterisk PBX connected to a Twilio SIP Trunk. The provider does not
> offer additional IP addresses.
>
> Right now, in order for the SIP audio to work, I need to forward UDP
> ports 10000-20000 to the PBX since Twilio says media can come on any
> of those ports.
> However, this breaks the ability of other users on that connection to
> use WebRTC media because WebRTC uses that same port range for media.
>
> The only real information that I have found discussed in the past is
> about using siproxd in the case of having multiple SIP devices inside
> the firewall to allow all of them to use port 5060 (SIP signaling) and
> have the firewall rewrite the SIP traffic for each one.
>
> However, I can't seem to find any information about my use-case of a
> single SIP device and not having to forward the ports for the media.
> Can siproxd help me with that?
> Any other ideas?
>
> Thanks,
> Moshe
>
> --
> Moshe Katz
> -- kohenk...@gmail.com
> -- +1(301)867-3732
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
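
Added example, not part of the original thread or of pfSense: a small Python model of the port-forward match described in the reply, comparing a forward with source "any" against one whose source is limited to an alias. The alias networks, the PBX address and the sample packets are constructed placeholders (documentation ranges); the provider's published media ranges would take their place.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: documentation ranges stand in for the SIP provider's
# published media networks and for the internal PBX address.
SIP_MEDIA_ALIAS = ("192.0.2.0/24", "198.51.100.0/25")
PBX = "10.0.0.10"


@dataclass(frozen=True)
class PortForward:
    proto: str
    sources: tuple   # empty tuple models source "any"
    port_lo: int
    port_hi: int
    target: str

    def matches(self, proto, src_ip, dst_port):
        # Protocol and destination port range must match first.
        if proto != self.proto or not self.port_lo <= dst_port <= self.port_hi:
            return False
        if not self.sources:
            return True
        # With an alias, the source address must fall inside one of its networks.
        addr = ipaddress.ip_address(src_ip)
        return any(addr in ipaddress.ip_network(net) for net in self.sources)


def redirect_target(rule, proto, src_ip, dst_port):
    """Internal host the packet is forwarded to, or None when the forward
    does not match and the packet is left to the normal state lookup."""
    return rule.target if rule.matches(proto, src_ip, dst_port) else None


OPEN_RULE = PortForward("udp", (), 10000, 20000, PBX)
ALIAS_RULE = PortForward("udp", SIP_MEDIA_ALIAS, 10000, 20000, PBX)

# Constructed inbound packets arriving on the WAN address.
TRUNK_RTP = ("udp", "192.0.2.44", 14322)      # from inside the alias
WEBRTC_PEER = ("udp", "203.0.113.9", 14322)   # unrelated remote peer

if __name__ == "__main__":
    for name, rule in (("source any", OPEN_RULE), ("source alias", ALIAS_RULE)):
        for label, pkt in (("trunk RTP", TRUNK_RTP), ("WebRTC peer", WEBRTC_PEER)):
            print(f"{name:13} {label:12} -> {redirect_target(rule, *pkt)}")
```

With the source left as "any", every UDP packet in the range is redirected to the PBX regardless of sender; with the alias, only packets from the listed networks are, which also narrows what can reach the PBX from the internet.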