Date: Wed, 7 Dec 2005 08:47:55 +0100 From: "Constant, Benjamin" <bconstant@be.tiauto.com> To: 'Gee Jay' <geejay@inbox.lv> Cc: freebsd-pf@freebsd.org Subject: RE: Can PF do Cone NAT ? Message-ID: <B6D948D84090A54ABCD88AA391DAAC8C021F7D8D@tiasbel00ex00.be.eu.tiauto.com>
next in thread | raw e-mail | index | archive | help
Hi, I'm maybe wrong but did you try with the static-port option on your nat rules? Regards, Benjamin Constant TI Automotive=0D > -----Original Message----- > From: owner-freebsd-pf@freebsd.org=0D > [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Gee Jay > Sent: mardi 6 d=E9cembre 2005 21:09 > To: freebsd-pf@freebsd.org > Subject: Can PF do Cone NAT ? >=0D > Dear Gentlemen, >=0D > I am struggling to set up NAT / Port redirection on a PFSense=0D > firewall (which uses PF) for the SIP Protocol or rather its=0D > RTP media streams. >=0D > By all appearances the NAT in PF seems to work as a symmetric=0D > NAT which causes SIP in certain cases to fail. >=0D > The VOIP provider in question uses on his side several media=0D > boxes with their own IPs to stream the RTP Media via UDP. My=0D > understanding of the problem is that the NAT in PF uses a=0D > different NAT port for each public destination IP so that the=0D > media boxes talk back to "dead" ports on the NAT. > Whereas in the cone NAT only one port irrespectively of the=0D > external IP addressed. >=0D >=0D > For further explanations regarding the problem see here: > http://corp.deltathree.com/technology/nattraversalinsip.pdf > or here > http://list.sipfoundry.org/archive/ietf-behave/pdf00000.pdf > http://en.wikipedia.org/wiki/Restricted_cone_NAT >=0D > My basic question is: Can PF do a cone NAT ? And if so, how ?=0D > The PF documentation didn't help me unfortunately. >=0D > Thanks for your help in the matter. >=0D > GeeJay >=0D > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >=0D The information contained in this transmission may contain privileged and confidential information. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This communication is from TI Automotive.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B6D948D84090A54ABCD88AA391DAAC8C021F7D8D>