Date: Tue, 6 Dec 2005 22:09:23 +0200
From: "Gee Jay" <geejay@inbox.lv>
To: <freebsd-pf@freebsd.org>
Subject: Can PF do Cone NAT ?
Message-ID: <CPEBJFBCDCKKIHJAODHCMEPHCBAA.geejay@inbox.lv>

Dear Gentlemen,

I am struggling to set up NAT / port redirection on a pfSense firewall (which uses PF) for the SIP protocol, or rather its RTP media streams.

By all appearances the NAT in PF seems to work as a symmetric NAT, which causes SIP to fail in certain cases. The VoIP provider in question uses on his side several media boxes with their own IPs to stream the RTP media via UDP.

My understanding of the problem is that the NAT in PF uses a different NAT port for each public destination IP, so that the media boxes talk back to "dead" ports on the NAT, whereas a cone NAT uses only one port irrespective of the external IP addressed.

For further explanations regarding the problem see here:
http://corp.deltathree.com/technology/nattraversalinsip.pdf
or here:
http://list.sipfoundry.org/archive/ietf-behave/pdf00000.pdf
http://en.wikipedia.org/wiki/Restricted_cone_NAT

My basic question is: Can PF do a cone NAT? And if so, how?

The PF documentation didn't help me, unfortunately.

Thanks for your help in the matter.

GeeJay
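
An added example, not part of the original message: a toy Python model of the two mapping behaviours the question contrasts, showing why a media box at a different IP hits a dead port behind a symmetric NAT but not behind a cone NAT. The addresses, port numbers and the names `Nat`, `ports_used` and `rtp_reaches_phone` are constructed for illustration; the "cone" mode is a simplified full cone with no filtering on the remote address, and it is not a model of PF's actual implementation.

```python
from itertools import count

class Nat:
    """Toy UDP NAT table. mode is 'symmetric' or 'cone' (full cone)."""

    def __init__(self, mode, first_port=50000):
        self.mode = mode
        self._ports = count(first_port)
        self.out = {}   # mapping key -> external port
        self.back = {}  # external port -> (internal endpoint, allowed remote or None)

    def outbound(self, src, dst):
        """Translate a packet from internal src to remote dst; return the external port."""
        # Symmetric: one mapping per (internal endpoint, destination).
        # Cone: one mapping per internal endpoint, whatever the destination.
        key = (src, dst) if self.mode == "symmetric" else src
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[port] = (src, dst if self.mode == "symmetric" else None)
        return self.out[key]

    def inbound(self, remote, ext_port):
        """Return the internal endpoint an inbound packet is forwarded to, or None if dropped."""
        entry = self.back.get(ext_port)
        if entry is None:
            return None
        internal, allowed = entry
        if allowed is not None and allowed != remote:
            return None  # symmetric: only the original destination may answer
        return internal

# Constructed sample endpoints (RFC 1918 and RFC 5737 documentation ranges).
PHONE = ("192.168.1.10", 16384)
SIGNALLING = ("198.51.100.5", 5060)
MEDIA_BOX = ("198.51.100.77", 20000)

def ports_used(mode):
    """External ports chosen when the phone talks to two different remote hosts."""
    nat = Nat(mode)
    return nat.outbound(PHONE, SIGNALLING), nat.outbound(PHONE, MEDIA_BOX)

def rtp_reaches_phone(mode):
    """Phone opens a mapping towards one host; a different media box then sends to it."""
    nat = Nat(mode)
    advertised = nat.outbound(PHONE, SIGNALLING)
    return nat.inbound(MEDIA_BOX, advertised) == PHONE

if __name__ == "__main__":
    for mode in ("symmetric", "cone"):
        print(mode, ports_used(mode), rtp_reaches_phone(mode))
```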