Ray:
In my discussions about Kphone on another forum, I was informed about an app called siproxd from siproxd.sf.net which works with Kphone and Linphone. A short explanation of siproxd copied from the siproxd.sf.net website:


Siproxd is a proxy/masquerading daemon for the SIP protocol.
It handles registrations of SIP clients on a private IP network
and performs rewriting of the SIP message bodies to make SIP
connections possible via a masquerading firewall.
It allows SIP clients (like kphone, linphone) to work behind
an IP masquerading firewall or router.

Robert Chambers

Ray Olszewski wrote:

At 08:33 PM 11/24/2003 -0600, Robert Chambers wrote:

I am trying to use a SIP phone with Dachstein 1.02 and according to [EMAIL PROTECTED] I must open ports in the range of 5004 and 5060 - 65534 UDP. But according to an email that I received from their support, the phone will not work with Linux routers because their NAT type is symmetric.

Here is a copy of one of the emails:

"Open ports range 5004 and 5060-65534 UDP in your firewall to allow SIPphone calls. You might want to check first to see if you are behind asymetric NAT. Dial '*0' and wait for the announcement. If you hear the message "You are behind a NAT" then you won't be able to make any calls no matter how you set up your firewall. In this case you might want to try updating the firmware on your router. If that doesn't work then you will need to try a different router."


I've only started seeing the terms "symmetric NAT" and "asymmetric NAT" very recently, and I had to Google them to find out what they (probably) mean. If I've misunderstood the terms, then the rest of my reply is nonsense, and I apologize for wasting your time.

What I found (at http://www.kanga.nu/archives/MUD-Dev-L/2000Q1/msg00539.php; much more informative than the bafflegab on the sipphone.com Website) says that asymmetric NAT refers to situations where the number of internal IP addresses being NAT'd is greater than the number of external addresses they are being NAT'd to. Or, in terms more familiar to us old timers, "symmetric NAT" refers to the one-to-one NAT'ing of private to public IP addresses that I used to call static NAT, while "asymmetric NAT" refers to the many-to-one NAT'ing of private addresses to a single public address that I used to call dynamic NAT. (This simplifies things a bit too much, but not, I think, in ways that matter to the immediate problem.)

Linux (LEAF and other) routers can do both kinds of NAT'ing. (Even ipchains could do static NAT'ing, and iptables is only better at it.) But to do symmetric NAT'ing, you need multiple public IP addresses, and LEAF routers are often used in settings where the goal is to share a single public address over all the hosts in a network. If you have a separate public IP address you can assign to the SIP device, your LEAF router is quite able to static-NAT it for you.

But usually this sort of problem comes up in settings where only the single public address is available, and with peer-to-peer services like Kazaa and some multiplayer games. SIP is no different in principle from these other cases.

The usual workaround for this sort of problem is to port-forward the required ports to the host you want to run the service on. Unfortunately, as far as I can find out, there are no standards for the ports that SIP phones use, so you get nonsense advice like requiring 60000 ports (5060 to 65534) to be available to the SIP host. (Similarly, I've seen docs for a Cisco SIP phone that requires forwarding of ~32000 ports.)

If anyone knows a more comforting answer, I would love to see it. But I *believe* the problem here is not with Linux (or Linksys or Netgear or ... routers, all of which would also have this problem) but with a poor implementation of SIP by the vendor.

FYI, the latest version of the Linux app kphone allows the user to specify the port range that its SIP connections will use. I don't have that working yet ... I started working on getting it and FWD running but got distracted ... but it might be the basis for a workaround that involves forwarding only a handful of ports (a dozen or so) to a sensible VoIP/SIP provider.

In any case, the limitation you face derives not from Linux or LEAF, but from the availability of a single public IP address. Get a second address and the problem is easily handled by Linux. Without a second IP address ... you probably need to try a different VoIP supplier.





-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
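
The body rewriting that the siproxd description refers to, shown as an added example (not part of the original messages and not siproxd's own code): the SDP body of an INVITE advertises the client's private address and RTP port, so a masquerading proxy has to replace both with the router's public address and a port that is actually forwarded. The sample message, the public address 203.0.113.7, the forwarded range 40000-40011 and all function names are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: an INVITE as sent by a SIP client on a private LAN.
SDP = "\r\n".join([
    "v=0", "o=alice 2890844526 2890844526 IN IP4 192.168.1.20", "s=-",
    "c=IN IP4 192.168.1.20", "t=0 0", "m=audio 5004 RTP/AVP 0"]) + "\r\n"
INVITE = "\r\n".join([
    "INVITE sip:bob@example.org SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds",
    "From: <sip:alice@example.org>;tag=1928301774",
    "To: <sip:bob@example.org>",
    "Call-ID: a84b4c76e66710@192.168.1.20",
    "CSeq: 1 INVITE",
    "Contact: <sip:alice@192.168.1.20:5060>",
    "Content-Type: application/sdp",
    f"Content-Length: {len(SDP)}"]) + "\r\n\r\n" + SDP

def is_rfc1918(ip):
    """True if ip is a private address that is unroutable from the Internet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def media_endpoint(message):
    """Return (ip, port) where the SDP body tells the peer to send RTP audio."""
    body = message.split("\r\n\r\n", 1)[1]
    ip = re.search(r"(?m)^c=IN IP4 (\S+)", body).group(1)
    port = int(re.search(r"(?m)^m=audio (\d+)", body).group(1))
    return ip, port

def masquerade(message, public_ip, rtp_port, forwarded=range(40000, 40012)):
    """Rewrite Contact and SDP to the public address and a forwarded RTP port."""
    if rtp_port not in forwarded:
        raise ValueError(f"RTP port {rtp_port} is not in the forwarded range")
    head, body = message.split("\r\n\r\n", 1)
    body = re.sub(r"(?m)^(c=IN IP4 )\S+", rf"\g<1>{public_ip}", body)
    body = re.sub(r"(?m)^(m=audio )\d+", rf"\g<1>{rtp_port}", body)
    head = re.sub(r"(?m)^(Contact: <sip:[^@>]+@)[^:>]+", rf"\g<1>{public_ip}", head)
    # The body length changed, so the header that declares it must follow.
    head = re.sub(r"(?m)^Content-Length: \d+", f"Content-Length: {len(body)}", head)
    return head + "\r\n\r\n" + body

if __name__ == "__main__":
    print("as sent by the client:", media_endpoint(INVITE))
    print("after masquerading:   ", media_endpoint(masquerade(INVITE, "203.0.113.7", 40000)))
```

Because the audio port is taken from a small, known range, the router only needs that range forwarded rather than everything from 5060 to 65534.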





