Karl O. Pinc wrote:
On 02/02/2006 07:02:25 PM, Jon Simola wrote:
On 2/2/06, Tim Pushor <[EMAIL PROTECTED]> wrote:
> Sorry to keep pestering, but this is kind of a show stopper for me. Does
> anyone have any ideas?
If it's a serious show stopper you can probably find a lot of
consultants who would certainly be willing to help.
> > Somehow ask pf to NAT the outbound UDP but don't make the
> > state entry.
nc(1) can be used to construct arbitrary tcp/udp proxies which sounds
like what you're looking for.
He does not want a proxy, I think what he wants is binat but he does
not know it. (Binat nats outbound and rdr's inbound.)
Karl, you've said this before but I can't figure out how I'd use binat
in this configuration. I'd love to be shown though ;) I've used binat to
map external IP addresses to internal addresses but my firewall just has
one DHCP-provided address from an ISP (it's just a cable modem).
I'd prefer to not use a proxy if possible. I don't think it's
unreasonable* to want to be able to control if I need a NAT state
created for return UDP traffic since there are many cases (including
this one) where this would be redundant and its inclusion broke something
(like this case). In fact, it's possible that this issue could affect
other connections, not only symmetric ones - where the UDP port is
picked from an available pool it's possible that an old UDP return
traffic state could affect a brand new connection.
A real solution would be to use a SIP/RTP proxy at the firewall, but
with Asterisk's current state of affairs it'd be a bit of a hack.
Thanks for all the suggestions,
Tim
* - I mean to say it's reasonable to WANT it, not reasonable to expect
that it be in pf :-)