I have a machine A
in a private network from which I would like to make a VOIP call over SIP using pjsua
to a device B
on a public IP address. Because of the firewall on the network, I need to use a "jump box" to route all the data through because I cannot access the IP address of B
from machine A
. I can see the public internet from the jump box and I can connect between A
and the jump box via ssh
. Thus, I can make target device B
visible from A
by forwarding its IP and ports to localhost
ports on A
over ssh
.
Using such a setup to forward port 5060 for device B
, from the jump box to the localhost:5060
on machine A
, I can open pjsua
on A
and make the call to B
. I can see that the SIP transaction is successful and I get a 200 OK
message from the device B
.
However, even if I also forward ports from 4000-4050 for RTP transport in the same manner, I cannot send media files to the device B
for audio playback. I have confirmed that this is possible from another machine which is not behind a firewall the way A
is, so I know that device B
can receive files sent over pjsua
.
I believe what is happening is that the SIP messages received from device B
contain the IP address of B
, along with the RTP port to send the media files to. So, rather than sending them to say localhost:4000
which is forwarded to the right IP address, pjsua
attempts to send to the IP address of B
directly, which will be blocked by the firewall. (I'm not sure how to confirm this suspicion.) I believe I need to configure some kind of NAT on A
or for pjsua
specifically. However, I'm relatively inexperienced in SIP/pjsip, or in network configuration like this. I've tried using an iptables
command such as the following:
iptables -t nat -A OUTPUT -p all -d [IP_ADDR_B] -j DNAT --to-destination 127 .0.0.1
but to no avail. Can anyone point me in the right direction to make this call work?