UDP nat question
gtaylor at riverviewtech.net
Thu Apr 21 20:02:17 CEST 2005
I don't know for sure but I believe that other clients trying to reach your SIP client on 126.96.36.199:5054 will fail as the SNAT mapping maintained by your NAT router is using the source IP, source port, destination IP, and destination port that it sees in the traffic coming from the SIP client device as its key to match packets in its internal structure. Thus when some other client on the net tries to connect to your SIP device on port 5054 your NAT firewall / router will see this as invalid traffic. I believe that if you want other clients on the net to be able to contact your SIP device you will need to port forward port 5060 to your SIP device, or all the traffic will need to pass through a SIP proxy somewhere on the net.
Now for the disclaimer: I'm guessing at this, but from everything that I have read and worked with this is the behavior that I would expect to see in such a situation.
Grant. . . .
> First of all, thanks for replying, it's clear now.
> I have one more question related to this:
> Imagine a host behind NAT with IP 192.168.22.33 which has an application
> on port 5060 (a sip client) and opens a connection to a server outside
> the NAT (the sip registrar with IP 188.8.131.52 on port 5060), and
> consider that the NAT box translates the SIP client src_ip to
> 184.108.40.206 and src_prt to 5054, for this communication.
> The SIP registrar is able to reach the SIP client running on
> 192.168.22.33:5060 by using 220.127.116.11:5054, but what about other
> hosts on the Internet? Will they also be able to reach the SIP client
> using the pair 18.104.22.168:5054, or will only packets coming from the SIP
> registrar be accepted?
> Thanks again
> Filipe Abrantes
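
The lookup described in the reply above, as an added example that is not part of the original message and not netfilter's own code: a simplified model of a NAT box that keys each SNAT mapping on remote IP, remote port, public IP and public port. The class and function names are hypothetical, and every address except 192.168.22.33 is a constructed documentation address.

```python
# Simplified model of a NAT box that keys each SNAT mapping on the full
# 4-tuple, as the reply above describes. Addresses other than
# 192.168.22.33 are constructed, not values taken from the thread.
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]

class FourTupleNat:
    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        # (remote endpoint, public endpoint) -> internal endpoint
        self.mappings: Dict[Tuple[Endpoint, Endpoint], Endpoint] = {}
        # public port -> internal endpoint (static port forwards)
        self.forwards: Dict[int, Endpoint] = {}

    def outbound(self, src: Endpoint, dst: Endpoint, public_port: int) -> Endpoint:
        """Record the mapping an outgoing packet creates; return the translated source."""
        public = (self.public_ip, public_port)
        self.mappings[(dst, public)] = src
        return public

    def add_forward(self, public_port: int, internal: Endpoint) -> None:
        self.forwards[public_port] = internal

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Endpoint]:
        """Return the internal endpoint for an incoming packet, or None if dropped."""
        if dst[0] != self.public_ip:
            return None
        # Reply traffic must match remote IP, remote port, public IP and public port.
        hit = self.mappings.get((src, dst))
        if hit is not None:
            return hit
        # Unsolicited traffic only gets through a configured port forward.
        return self.forwards.get(dst[1])

CLIENT = ("192.168.22.33", 5060)
REGISTRAR = ("198.51.100.10", 5060)   # constructed
OTHER_HOST = ("203.0.113.7", 5060)    # constructed
PUBLIC_IP = "192.0.2.1"               # constructed

def demo() -> Dict[str, Optional[Endpoint]]:
    nat = FourTupleNat(PUBLIC_IP)
    public = nat.outbound(CLIENT, REGISTRAR, public_port=5054)
    results = {
        "registrar_reply": nat.inbound(REGISTRAR, public),
        "other_host_to_5054": nat.inbound(OTHER_HOST, public),
        "other_host_to_5060_before": nat.inbound(OTHER_HOST, (PUBLIC_IP, 5060)),
    }
    nat.add_forward(5060, CLIENT)  # the port forward suggested in the reply
    results["other_host_to_5060_after"] = nat.inbound(OTHER_HOST, (PUBLIC_IP, 5060))
    return results
```
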