You could create an alias for the inbound IPs for SIP/RTC and limit the
source on the NAT rule with that alias. Then your WebRTC users will
be unaffected because their src/dst/port triplet will not match that
NAT.
https://www.twilio.com/docs/api/voice/sip-interface - see IP address
whitelist.
Cheers
Jon
On Sat, 2018-03-10 at 21:19 -0500, Moshe Katz wrote:
> I have an installation with a single public IP address that uses an
> Asterisk PBX connected to a Twilio SIP Trunk. The provider does not
> offer
> additional IP addresses.
>
> Right now, in order for the SIP audio to work, I need to forward UDP
> ports
> 1-2 to the PBX since Twilio says media can come on any of
> those
> ports.
> However, this breaks the ability of other users on that connection to
> use
> WebRTC media because WebRTC uses that same port range for media.
>
> The only real information that I have found discussed in the past is
> about
> using sipproxd in the case of having multiple SIP devices inside the
> firewall to allow all of them to use port 5060 (SIP signaling) and
> have the
> firewall rewrite the SIP traffic for each one.
>
> However, I can't seem to find any information about my use-case of a
> single
> SIP device and not having to forward the ports for the media.
> Can sipproxd help me with that?
> Any other ideas?
>
> Thanks,
> Moshe
>
> --
> Moshe Katz
> -- kohenk...@gmail.com
> -- +1(301)867-3732
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
