On Thu, Jun 27, 2002 at 07:49:14PM +0200, Patrick Schaaf wrote: > On Thu, Jun 27, 2002 at 12:01:05PM -0500, Glover George wrote: > > Yes, SIP can get very hairy, because it's primarily xml -ished based. > > SIP is very similar to HTTP, and thus any special protocol action would > best be handled by the traditional application level gateway. The REDIRECT > target can be used to transparently address that gateway. > > There's no need for any new magic within iptables, I think.
yes, there is. Please believe me, I've spent days reading through the SIP specs and reading all the documents about SIP firewall/NAT traversal. People have even written Master Thesis' about this issue, because of it's complexity. In the end, a combination of an application-level proxy and the firewall/nat device is needed, where the proxy is instructing the firewall/nat device what to do. > best regards > Patrick -- Live long and prosper - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/ ============================================================================ GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)