> Isn't the answer to this to do with the way SIP needs to connect > through firewalls. On my meagre understanding IAX handles this much > better. So why aren't we all using IAX?
IAX is a wonderful thing... Single UDP port, tunnels over multiple NAT layers with ease, lower overheads... Down side is that currently only a few phones and asterisk support it. (and one other soft switch, the name of which escapes me). Support from some of the larger players is on the way, and Asterisk is gaining momentum with large corporates so we'll see it become more popular over time.. SIP is also superior when it comes to large scale switching environments, as it allows the payload (RTP) to be separated from the signalling (SIP). This is of course what causes problems for the firewalls and NAT traversal, as it's not immediately obvious to non-sip aware firewalls that the RTP traffic is related to the SIP traffic. The ability to redirect the RTP traffic to a different end point from the signalling gives you a great deal of flexibility in large scale applications, particularly for billing as the central server can monitor call progress and termination even though it doesn't have to handle the media payload. (As of asterisk 1.4 IAX supports this as well, but none of the major soft switches support it yet, as their development cycles are far longer than that of Asterisk) So, did anyone actually know how to get SIP connections through a pfsense box? I've got around it for the moment by removing adding a SIP proxy running on another machine across the firewall, but will try monowall when I get some free time.. Cheers, Chris H. >