You could create an alias for the inbound IPs for SIP/RTC and limit the
source on the NAT rule with that alias. Then your WebRTC users will
be unaffected because their src/dst/port triplet will not match that
https://www.twilio.com/docs/api/voice/sip-interface - see IP address
On Sat, 2018-03-10 at 21:19 -0500, Moshe Katz wrote:
> I have an installation with a single public IP address that uses an
> Asterisk PBX connected to a Twilio SIP Trunk. The provider does not
> additional IP addresses.
> Right now, in order for the SIP audio to work, I need to forward UDP
> 1-2 to the PBX since Twilio says media can come on any of
> However, this breaks the ability of other users on that connection to
> WebRTC media because WebRTC uses that same port range for media.
> The only real information that I have found discussed in the past is
> using sipproxd in the case of having multiple SIP devices inside the
> firewall to allow all of them to use port 5060 (SIP signaling) and
> have the
> firewall rewrite the SIP traffic for each one.
> However, I can't seem to find any information about my use-case of a
> SIP device and not having to forward the ports for the media.
> Can sipproxd help me with that?
> Any other ideas?
> Moshe Katz
> -- kohenk...@gmail.com
> -- +1(301)867-3732
> pfSense mailing list
> Support the project with Gold! https://pfsense.org/gold
pfSense mailing list
Support the project with Gold! https://pfsense.org/gold