Jump to content

NAT - sip proxying - External extensions


Recommended Posts

Hi all.


Here is our current setup, it's very simple and works fine.


Internal network (192.168.1.x) - snom server ( -- Second nic ( -- connection to comcast business ( - internet


We use 4 pstn lines with an fxo gateway, and also a second trunk to a sip provider for outgoing calls.

The reason for the second nice is due to having to connect to the Comcast router directly. It sits on a 1 to 1 nat. (DMZ is already taken by another server)


Internally all phones work wonderfully. Obviously this creates problem with any outside extension. IE direct extensions at home, softphones running on smart phones. They register fine but 1 way audio only. Right, RTP and nat not playing nice. Home extension works great with IPSEC vpn.


So what we are doing is removing the whole 10 network out of the picture. We have a block of addresses and my original plan was to put the pbx's second nic right on a live address but after thinking about that it might not be the best idea. So here comes introduction of a sip proxy. That way this can sit live on the net and keep our production pbx at least 1 level protected.


Not sure if anyone here is using milkfish but that is the plan it so run milkfish on a dd-wrt router. My question is twofold. Is there anything I should be aware of when implementing a sip proxy. From what i've read this eliminates the issues we've had with remote extensions etc. Second, has anyone actually implemented milkfish? Hope this is the right place for this question, I know its not specifically snom but it plays into the whole system.


Thanks much


Link to comment
Share on other sites

Take a look at the good old Wiki http://kiwi.pbxnsip.com/index.php/Office_with_private_and_public_IP_addresses. It describes the pain you are going through.


A SIP proxy won't help you as the real problem is not SIP, it is RTP. Plus there are protocols like TFTP, HTTP, HTTPS, LDAP and possibly other ports that are also causing problems. One of the two parties (the PBX) has to advertize a routable IP address (AKA public IP address). You could try to use the "IP routing list", but beware this is tricky and easy to screw a lot of things up.


I would try everything to get the PBX NIC on a public IP address.


IPv6 address will also do. Okay, I am dreaming now.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...