On Fri, Jun 08, 2007 at 07:48:59AM +0100, Simon Hobson wrote:
> Along with NAT you need Application Level Gateways (ALGs)
> for the many protocols it breaks (including FTP and SIP), and for SIP
> it's far from trivial to build an ALG - in fact it's impractical to
> build a universal ALG that will work in all possible situations
> because it requires an intimate knowledge of how the network appears
> to the client which may not be the same as how it appears to the
> gateway.

I vaguely recall (but can't find offhand) somebody demonstrating that a universal SIP NAT solution is actually *impossible* - some of the scenarios are indistinguishable at the gateway but require different handling, and you can't do that without sufficient prior knowledge of the network to identify which ones to use based on static admin-supplied instructions matching the IP address or port number or whatever your particular solution requires. The closest you can get would look vaguely like shorewall, a big heap of tools provided in the hope that the admin can find some way to hook them together that will work in their case, but with no particular reason to expect that they will always be able to (for example, non-trivial mixing of IPsec, SIP, and NAT is unlikely to ever work exactly right and there's a good chance that nobody will be able to understand why).

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
