[OpenSIPS-Users] Old question about mediaproxy "bridge" mode between public and private networks

Robert Dyck rob.dyck at telus.net
Thu Dec 11 02:02:14 CET 2008


You are right, these terms are used in a rather casual manner. Also privacy 
and security can never be absolute. However there are reasons why an 
individual or organization may want to hide their topology. Those with bad 
intentions may look for clues so that they may subvert the system.

Perhaps a stronger case can be made when we consider that NAT is perhaps the 
biggest headache with SIP. Different service providers have different ideas 
how they might overcome the problem. If a UA on a LAN or an extension on a 
PBX appears as a simple UA with a public address then the chance of success 
improves.

OpenSBC may be the way to go. It will act as a proxy or B2BUA. The nice thing 
about OpenSIPS is its light weight if you don't need a lot of modules. I am 
not a programmer but it seems to me that it would not be too difficult to 
hide the private VIAs and CONTACTs. It already supports mediaproxy/rtpproxy.

On Wednesday 10 December 2008, Adrian Georgescu wrote:
> Robert,
>
> Could you expand on what you mean by:
>
> 1. Privacy
> 2. Extra security
>
> These seem to be highly abused terms while there is no proper
> description available of what they mean and for whom they provide the
> benefit.
>
> Adrian
>
> On Dec 10, 2008, at 9:32 PM, Robert Dyck wrote:
> > I see a need for a very basic proxy-like B2BUA. This would
> > completely hide the
> > local topology. This would provide privacy and extra security as
> > well as
> > working around the bad behaviour of some service providers.
> > Rob
> >
> > On Wednesday 10 December 2008, Brett Nemeroff wrote:
> >> For what it's worth, I've had problems doing this with some [broken]
> >> carriers. Namely they see a private address in one of the Vias and
> >> they assume it's NAT.. Pretty messy. If you look through the archive
> >> you'll see what happened to me.
> >>
> >> That being said, I think it's pretty unusual that this happens.
> >> -Brett
> >>
> >> On Wed, Dec 10, 2008 at 8:14 AM, Giuseppe Roberti <jnod at jnod.org>
> >>
> >> wrote:
> >>> Hi.
> >>>
> >>> I have an opensips server running "between" a man local area and
> >>> internet. This mean that UAC comes from local area and gateways
> >>> are on
> >>> internet.
> >>> The local interface (eth0) ip is not reachable from internet.
> >>> Opensips server can traverse the nat using add_local_rport(), can
> >>> mediaproxy do the same ?
> >>>
> >>> Regards.
> >>>
> >>> --
> >>> Giuseppe Roberti
> >>> <jnod at jnod.org>
> >>>
> >>> _______________________________________________
> >>> Users mailing list
> >>> Users at lists.opensips.org
> >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.opensips.org
> >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users





More information about the Users mailing list