Hien Thai wrote:

> Hi,
> 
> This is in regards to supporting SIP with PAT (or NAPT)
> on a firewall - I'm not a SIP expert so bear with me...
> 
> If I had several phones behind the firewall with
> a proxy on the outside of the firewall, and we are using 
> PAT, where these phones are all mapped to the same global
> IP address, but different ports, then it would be very hard
> to rewrite do PAT on some of the fields which do not
> contain the port with the IP address. 
> 
> For instance, the From field can contain just the IP address:
> 
> From: sip:[EMAIL PROTECTED]
> 
> where 73.81.2.2 is the global IP address for the PAT pool
> on the firewall.  Say phone 10.0.0.1 & 10.0.0.2 are on the inside
> & 10.0.0.1 is mapped to 73.81.2.2 port 
> There's no way the firewall can tell
> which address it is mapped to.  


You don't need to rewrite the From field. It shouldn't contain an IP 
address as a general rule, and if it does, it's not used for message 
forwarding.


> 
> So, I'm wondering if it's ok for the firewall to add the port to this field
> like this:
> 
> From: sip:[EMAIL PROTECTED]:1025
> 
> RFC 2543 section 4.3 states that:
> 
> Proxy and redirect servers MAY use the information in the Request-URI
>    and request header fields to handle the request and possibly rewrite
>    the Request-URI.
> 
> I would also need to rewrite the To: & Call-ID: field, but it doesn't look
> like it's legal to rewrite the call-id field.


The same for To and Call-ID. These are not used for message forwarding.

The SIP headers of interest for an ALG are Via and Contact. Both of 
these can contain ports. Handling SIP through NAT can be done without 
rewriting these. See:

http://www.ietf.org/internet-drafts/draft-ietf-sip-nat-01.txt

However, RTP is the real problem, and so ALGs are mostly concerned with 
the c and m lines in the SDP.

-Jonathan R.

-- 
Jonathan D. Rosenberg, Ph.D.            72 Eagle Rock Avenue
Chief Scientist                         First Floor
dynamicsoft                             East Hanover, NJ 07936
[EMAIL PROTECTED]                 FAX: (973) 952-5050
http://www.jdrosen.net                  PH:  (973) 952-5000
http://www.dynamicsoft.com

_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
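
The c= and m= rewriting mentioned in the reply above, as an added example that is not part of the original thread: Python that applies a PAT binding to the SDP body and leaves From, To and Call-ID alone. The function names, the RTP ports and the sample INVITE are assumptions constructed for illustration.

```python
# Added example; names, ports and the sample message are constructed.

def rewrite_sdp(sdp, inside_ip, global_ip, port_map):
    """Rewrite c= addresses and m= ports; port_map is inside -> global RTP port.

    A media port with no binding raises KeyError, so the caller can drop the
    message instead of forwarding a private port.
    """
    out = []
    for line in sdp.split("\r\n"):
        if line == "c=IN IP4 " + inside_ip:
            line = "c=IN IP4 " + global_ip
        elif line.startswith("m="):
            fields = line[2:].split(" ")   # <media> <port>[/<count>] <proto> <fmt>...
            port, slash, count = fields[1].partition("/")
            if int(port) != 0:             # port 0 marks a declined stream
                fields[1] = str(port_map[int(port)]) + slash + count
            line = "m=" + " ".join(fields)
        out.append(line)
    return "\r\n".join(out)


def rewrite_message(msg, inside_ip, global_ip, port_map):
    """Rewrite the SDP body only; From, To and Call-ID pass through unchanged."""
    head, sep, body = msg.partition("\r\n\r\n")
    body = rewrite_sdp(body, inside_ip, global_ip, port_map)
    headers = [
        "Content-Length: %d" % len(body.encode("utf-8"))
        if h.lower().startswith("content-length:") else h
        for h in head.split("\r\n")
    ]
    return "\r\n".join(headers) + sep + body


# Constructed, trimmed INVITE from inside phone 10.0.0.1 (Via/Contact omitted).
SAMPLE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "From: sip:alice@example.com",
    "To: sip:bob@example.com",
    "Call-ID: constructed-1@10.0.0.1",
    "Content-Type: application/sdp",
    "Content-Length: 90",
    "",
    "v=0", "o=alice 1 1 IN IP4 10.0.0.1", "s=-",
    "c=IN IP4 10.0.0.1", "t=0 0", "m=audio 49170 RTP/AVP 0", "",
])

if __name__ == "__main__":
    print(rewrite_message(SAMPLE, "10.0.0.1", "73.81.2.2", {49170: 30000}))
```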
