Scenario:
private IP address range : Internet
10.0.0.x : (public IP address range)
:
: foo.bar.org
+-------------+ +--------------+
! !.10 .1 ! masquerading ! publicIP
! SIP UA !---------------! Firewall !------------>>
! ! ! siproxd !
+-------------+ +--------------+
eth0 : ppp0 |
You may have a SIP UA (Phone) that does not allow the
specification of an outbound proxy. If siproxd is running
on the masquerading router, the following configuration will
do so called transparent proxying. The firewall will redirect
outgoing SIP messages to siproxd, however the local Client
is not aware of it.
siproxd.conf:
if_inbound = eth0
if_outbound = ppp0
hosts_allow_reg = 10.0.0.0/24
sip_listen_port = 5060
daemonize = 1
silence_log = 1
user = siproxd
registration_file = /var/lib/siproxd_registrations
pid_file = /var/run/siproxd/siproxd.pid
rtp_proxy_enable = 1
rtp_port_low = 7010
rtp_port_high = 7019
rtp_timeout = 300
default_expires = 600
debug_level = 0
debug_port = 0 |
Firewall configuration (iptables):
# redirect outgoing SIP traffic to siproxd (myself)
iptables -t nat -A PREROUTING -m udp -p udp -i eth0 \
--destination-port 5060 -j REDIRECT
# allow incoming SIP and RTP traffic
iptables -A INPUT -m udp -p udp -i ppp0 --dport 5060 -j ACCEPT
iptables -A INPUT -m udp -p udp -i ppp0 --dport 7070:7089 -j ACCEPT |