Okay, this is the simple plan for starters.
   External
   networks                         Preferably has
        |                        .- Dynamic DNS entry
   .--  |                       /   for real world IP
   |   NAT router  <-----------'
Optional -->|
   |    |  <---- DNAT of ports to proxy
   `--  |
        |                        --.
   SIP/RTP proxy                    |
      / | \                         |  Must have ability
     /  |  \                        |<-- to talk directly
   UA1 UA2 UAn                      |  without NAT or firewall
                                  --'
UA = User Agent
SIP = control channel
RTP = data channel
Required configuration for the SIP proxy:
* DNS name / real world IP used for external traffic
* specific list of UDP ports it will listen and send on (SIP and RTP relay ports)
* address range of the internal network
Useful configuration:
* user-to-IP mapping for routing calls to internal UAs
* catch-all IP for calls to an unknown or unspecified user
SIP process flow (rules are evaluated in this order for every packet the proxy receives):
0. if $from ! in $internal_net && $to ! in $internal_net
   then drop and ALERT
   (external-to-external traffic means someone is trying to use the proxy as an open relay)
1. if $from in $internal_net && $to in $internal_net
   then forward unmodified
   (with no modification the UAs negotiate RTP directly between themselves, as normal)
2. if packet = BYE
   then modify, forward, remove the connection record and close its UDP RTP ports
3. if active connection (a connection record exists for this call)
   then modify and forward
4. if $from in $internal_net && $to ! in $internal_net
   then record connection,
        modify and forward
5. if $from ! in $internal_net && $to in $internal_net
   then record connection,
        lookup user_to_IP_mapping (fall back to the catch-all IP), modify and forward
modify()
  if $from_ip ! in $internal_net || $to_ip ! in $internal_net
  then
    if $from_ip in $internal_net then rewrite it to $real_world_ip (from the DNS query)
    if $to_ip in $internal_net then rewrite it to $proxy_internal_ip
    if packet = SIP (rather than RTP; the SIP body carries the SDP with the RTP ports)
    then
      rewrite the UA's UDP ports for RTP to the proxy's configured RTP ports
      open the RTP relay ports
  forward modified packet
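Steps 0-5 of the process flow together with modify(), written out as runnable Python. This is an added example and not code from the plan above: the internal network, proxy and real world addresses, the DDNS name, the RTP port list and the user-to-IP table are constructed configuration, the messages the test feeds in are constructed, and the rule that an unknown Call-ID may only be recorded by a new request (never by a stray response or a BYE) is an assumption beyond the plan.

```python
import ipaddress
import re

# Constructed configuration. A real proxy reads these from its config file
# and obtains REAL_WORLD_IP by querying its dynamic DNS name.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
PROXY_INTERNAL_IP = "192.168.1.1"
REAL_WORLD_IP = "203.0.113.10"
DDNS_NAME = "pbx.example.net"
RTP_PORTS = [20000, 20002]      # relay ports from config (RTCP would be port+1)
USER_TO_IP = {"alice": "192.168.1.20", "bob": "192.168.1.21"}
CATCHALL_IP = "192.168.1.20"    # target for unknown/unspecified users

class ProxyState:
    def __init__(self):
        self.connections = {}   # Call-ID -> {"port": int, "internal_ip": str}
        self.free_ports = list(RTP_PORTS)
        self.alerts = []

def is_internal(host):
    """$host in $internal_net; a DNS name is never treated as internal."""
    try:
        return ipaddress.ip_address(host) in INTERNAL_NET
    except ValueError:
        return False

def to_is_internal(dst):
    """Inbound packets reach us by DNAT while addressed to our public name/IP;
    the plan counts those as '$to in $internal_net'."""
    return is_internal(dst) or dst in (REAL_WORLD_IP, DDNS_NAME)

def sip(start_line, *headers, sdp=""):
    """Build a CRLF-terminated SIP message (constructed test input)."""
    return "\r\n".join((start_line, *headers)) + "\r\n\r\n" + sdp

def parse(msg):
    head, _, body = msg.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def modify(state, src_ip, call_id, msg):
    """modify(): rewrite the address the other side will see and the RTP port,
    so both UAs send media to the proxy's configured relay port."""
    new_ip = REAL_WORLD_IP if is_internal(src_ip) else PROXY_INTERNAL_IP
    port = state.connections[call_id]["port"]
    head, sep, body = msg.partition("\r\n\r\n")
    head = re.sub(r"(Contact:\s*<sip:[^@>]*@)[^:>;]+", r"\g<1>" + new_ip, head)
    body = re.sub(r"^c=IN IP4 \S+", f"c=IN IP4 {new_ip}", body, flags=re.M)
    body = re.sub(r"^m=audio \d+ ", f"m=audio {port} ", body, flags=re.M)
    return head + sep + body

def record(state, call_id, internal_ip):
    """Record the connection and reserve an RTP relay port; False if none free."""
    if not state.free_ports:
        state.alerts.append(f"RTP port pool exhausted, dropping {call_id}")
        return False
    state.connections[call_id] = {"port": state.free_ports.pop(0),
                                  "internal_ip": internal_ip}
    return True

def close(state, call_id):
    """Remove the connection record and close (release) its RTP port."""
    state.free_ports.append(state.connections.pop(call_id)["port"])

def handle(state, src_ip, dst_host, msg):
    """Steps 0-5 of the plan. Returns (action, next_hop, message_to_send)."""
    start, headers, _ = parse(msg)
    call_id = headers.get("call-id")
    method = start.split(" ", 1)[0]
    src_in, dst_in = is_internal(src_ip), to_is_internal(dst_host)
    if not src_in and not dst_in:       # 0: relaying external-to-external is never allowed
        state.alerts.append(f"relay attempt {src_ip} -> {dst_host}")
        return "drop", None, None
    if src_in and dst_in:               # 1: no NAT in the path, forward untouched
        return "forward", dst_host, msg
    if call_id in state.connections:    # 2 and 3: an active connection
        next_hop = dst_host if src_in else state.connections[call_id]["internal_ip"]
        out = modify(state, src_ip, call_id, msg)
        if method == "BYE":             # 2: tear down after modifying
            close(state, call_id)
            return "bye", next_hop, out
        return "forward", next_hop, out  # 3
    # Assumption beyond the plan: only a new request may create a record, so a
    # stray response or BYE for an unknown Call-ID cannot open relay ports.
    if not call_id or method in ("BYE", "SIP/2.0"):
        return "drop", None, None
    if src_in:                          # 4: outbound, the internal UA is src_ip
        if not record(state, call_id, src_ip):
            return "drop", None, None
        return "record_out", dst_host, modify(state, src_ip, call_id, msg)
    user = re.match(r"\S+ sip:([^@\s]+)@", start)   # 5: inbound, map user to UA
    target = USER_TO_IP.get(user.group(1) if user else "", CATCHALL_IP)
    if not record(state, call_id, target):
        return "drop", None, None
    return "record_in", target, modify(state, src_ip, call_id, msg)
```

Feed handle() the datagram's source address, the host the request is addressed to and the raw message; it returns what the plan would do and the rewritten message. Only the SDP c=/m= lines and the Contact host are rewritten here; a complete proxy has to treat Via, Record-Route and the RTP packets themselves the same way, and the RTP relay ports are only reserved, not actually bound.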