Work with a Firewall with NAT
98
SIPxNano IP-PBX Getting Started Guide
B • Firewalls and NAT
Work with a Firewall with NAT
If you are using multiple phones behind a firewall with NAT, and if that firewall has only a single external IP
address, you must open a unique set of external SIP and RTP/RTCP port/address pairs for each phone that
makes calls through the firewall.
When you set up these ports for your firewall, you associate the phone’s IP address with each one. This process
is sometimes called port mapping; that is, mapping a port on the external or public side of the firewall to a spe-
cific port and device IP address inside the firewall.
Note
The RTP ports specified for a phone must be consecutive.
However, when you have multiple phones behind the firewall, you use different ports for each one. For exam-
ple, open unique SIP port 5060 for phone A, port 5061 for phone B, and 5062 for phone C. Then open a
range of eight unique, consecutive RTP/RTCP ports for each phone: 8000 to 8007 for phone A, 8008 to 8015
for phone B, 8016 to 8023 for phone C.
The configuration for your firewall may look something like this:
IP address forphone A: 192.168.0.3
phone B: 192.168.0.4
phone C: 192.168.0.5
You must also make sure that each phone’s Port for inbound SIP TCP messages,
the Starting port for
inbound SIP UDP messages,
and
the Starting port for RTP/RTCP packets
reflect these values:
Table 12. Parameter settings for certain phones
Parameter Setting:
Phone A
192.168.0.3
Phone B
192.168.0.4
Phone C
192.168.0.5
SIP_TCP_PORT
5060
5061
5062
SIP_UDP_PORT
5060
5061
5062
PHONESET_RTP_PORT_START 8000
8008
8016
