Scenario:
    private IP address range       :          Internet
    10.0.0.x                       :          (public IP address range)
                                   :
                                   :          foo.bar.org
    +-------------+        +--------------+
    !             !.10   .1! masquerading ! publicIP
    ! SIP UA      !--------! Firewall     !------------>>
    !             !        ! siproxd      !
    +-------------+        +--------------+
                       eth0 : ppp0
You may have a SIP UA (phone) that does not allow an outbound proxy to be specified. If siproxd is running on the masquerading router, the following configuration provides so-called transparent proxying: the firewall redirects outgoing SIP messages to siproxd, and the local client is not aware of it.
siproxd.conf:
    if_inbound = eth0
    if_outbound = ppp0
    hosts_allow_reg = 10.0.0.0/24
    sip_listen_port = 5060
    daemonize = 1
    silence_log = 1
    user = siproxd
    registration_file = /var/lib/siproxd_registrations
    pid_file = /var/run/siproxd/siproxd.pid
    rtp_proxy_enable = 1
    rtp_port_low = 7010
    rtp_port_high = 7019
    rtp_timeout = 300
    default_expires = 600
    debug_level = 0
    debug_port = 0
Firewall configuration (iptables):
    # redirect outgoing SIP traffic to siproxd (myself)
    iptables -t nat -A PREROUTING -m udp -p udp -i eth0 \
             --destination-port 5060 -j REDIRECT

    # allow incoming SIP and RTP traffic
    # (the RTP range must match rtp_port_low..rtp_port_high in siproxd.conf)
    iptables -A INPUT -m udp -p udp -i ppp0 --dport 5060 -j ACCEPT
    iptables -A INPUT -m udp -p udp -i ppp0 --dport 7010:7019 -j ACCEPT
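The firewall rules and siproxd.conf have to agree on interfaces and ports, otherwise SIP is not redirected or RTP is not let in. The following check is an added example, not part of siproxd or its documentation; it assumes the rules are available as iptables commands in the form used above (REDIRECT without --to-ports), and the sample inputs are constructed.

```python
import shlex

# Constructed sample input: the siproxd.conf keys this check reads.
CONF = """if_inbound = eth0
if_outbound = ppp0
sip_listen_port = 5060
rtp_port_low = 7010
rtp_port_high = 7019
"""
# Constructed rule set whose RTP range misses the configured ports, and a matching one.
RULES_MISMATCH = """
iptables -t nat -A PREROUTING -m udp -p udp -i eth0 --destination-port 5060 -j REDIRECT
iptables -A INPUT -m udp -p udp -i ppp0 --dport 5060 -j ACCEPT
iptables -A INPUT -m udp -p udp -i ppp0 --dport 7070:7089 -j ACCEPT
"""
RULES_OK = RULES_MISMATCH.replace("7070:7089", "7010:7019")

def parse_conf(text):
    """Parse 'key = value' lines of siproxd.conf into a dict; '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def udp_rules(rules_text):
    """Yield (chain, in_iface, port_lo, port_hi, target) for each udp rule with a dport."""
    for line in rules_text.replace("\\\n", " ").splitlines():
        tok = shlex.split(line, comments=True)
        opt = lambda *names: next((tok[i + 1] for i, t in enumerate(tok[:-1]) if t in names), None)
        dport = opt("--dport", "--destination-port")
        if "udp" in tok and opt("-A") and dport:
            lo, _, hi = dport.partition(":")
            yield opt("-A"), opt("-i"), int(lo), int(hi or lo), opt("-j")

def check(conf_text, rules_text):
    """Return one message per rule that siproxd.conf requires but the rule set lacks."""
    conf = parse_conf(conf_text)
    sip = int(conf["sip_listen_port"])
    rules = list(udp_rules(rules_text))
    def covered(chain, iface, target, lo, hi):
        return any((c, i, t) == (chain, iface, target) and rlo <= lo and hi <= rhi
                   for c, i, rlo, rhi, t in rules)
    wanted = [("PREROUTING", conf["if_inbound"], "REDIRECT", sip, sip),
              ("INPUT", conf["if_outbound"], "ACCEPT", sip, sip),
              ("INPUT", conf["if_outbound"], "ACCEPT",
               int(conf["rtp_port_low"]), int(conf["rtp_port_high"]))]
    return ["%s -i %s -j %s missing for udp %d:%d" % w for w in wanted if not covered(*w)]
```

check(CONF, RULES_OK) returns an empty list; with RULES_MISMATCH it reports the RTP range that the INPUT chain does not accept.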