> Alternatively, it's more admin but also more reliable to statically > configure everything. Manually configure each SIP device to use a > different port for it's SIP traffic, and a different port range for > it's RTP traffic. Configure them with knowledge of their public IP, > and manually configure your firewall with all the corresponding NAT > mappings. > THAT is exactly what I have been doing for the past year or so - very painful experience, though once done it works for good (well, most of the time!). I am also strongly against using STUN as, for me, this is an abomination and should never EVER be used.
> <mounts soapbox> > The real answer is to persuade the world and his dog that NAT == > Broken. By definition, NAT breaks rule 1 of IP connectivity that > requires every device to have a globally unique and routeable address. > If only as much effort was put into making IPv6 as ubiquitous as IPv4 > as is put into trying to work round (eg writing ALGs to put into NAT > gateways) the fundamental breakage of NAT then I think IPv6 would be > a lot further on than it is. > OK, I have a confession to make - when I first looked at your post, it reminded me of something, but I couldn't put my finger on it until I came across the above paragraph and then I remembered - when I started looking over the web for more info about the above two modules I read a thread (I think it was in one of the Shorewall mailing lists from a while ago) containing a rather well-thought-out well-drilled rant by somebody (it might have been you, actually, in which case hats off to you, sir!) about SIP/NAT and the like - it made me laugh out loud because every single word of that rant was 100% true! Pure genius! ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
