UDP nat question

Damjan gdamjan at mail.net.mk
Thu Apr 21 14:17:08 CEST 2005


> Imagine a host behind NAT with IP 192.168.22.33 which has an application 
> on port 5060 ( a sip client) and opens a connection to a server outside 
> the NAT (the sip registrar with IP 130.11.22.33 on port 5060), and 
> consider that the NAT box translates the SIP client src_ip to 
> 129.11.22.33 and src_prt to 5054, for this communication.
> 
> The SIP registrar is able to reach the SIP client running on 
> 192.168.22.33:5060 by using 129.11.22.33:5054, but what about other 
> hosts on the Internet? Will they also be able to reach the SIP client 
> using the pair 129.11.22.33:5054, 

They can't

> or only packets coming from the SIP registrar be accepted?

yes.

Sip clients behind NAT must use a Proxy.


-- 
damjan | дамјан
This is my jabber ID --> damjan at bagra.net.mk <-- not my mail address!!!



More information about the netfilter mailing list