How to configure NAT for SIP calls. No media transfer on pjsua SIP call to device through ssh port forwarding

540 Views Asked by At

I have a machine A in a private network from which I would like to make a VOIP call over SIP using pjsua to a device B on a public IP address. Because of the firewall on the network, I need to use a "jump box" to route all the data through because I cannot access the IP address of B from machine A. I can see the public internet from the jump box and I can connect between A and the jump box via ssh. Thus, I can make target device B visible from A by forwarding its IP and ports to localhost ports on A over ssh.

Using such a setup to forward port 5060 for device B, from the jump box to the localhost:5060 on machine A, I can open pjsua on A and make the call to B. I can see that the SIP transaction is successful and I get a 200 OK message from the device B.

However, even if I also forward ports from 4000-4050 for RTP transport in the same manner, I cannot send media files to the device B for audio playback. I have confirmed that this is possible from another machine which is not behind a firewall the way A is, so I know that device B can receive files sent over pjsua.

I believe what is happening is that the SIP messages received from device B contain the IP address of B, along with the RTP port to send the media files to. So, rather than sending them to say localhost:4000 which is forwarded to the right IP address, pjsua attempts to send to the IP address of B directly, which will be blocked by the firewall. (I'm not sure how to confirm this suspicion.) I believe I need to configure some kind of NAT on A or for pjsua specifically. However, I'm relatively inexperienced in SIP/pjsip, or in network configuration like this. I've tried using an iptables command such as the following:

iptables -t nat -A OUTPUT -p all -d [IP_ADDR_B] -j DNAT --to-destination 127 .0.0.1

but to no avail. Can anyone point me in the right direction to make this call work?

0

There are 0 best solutions below