<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Robert,<div><br></div><div>NAT traversal is solved by OpenSIPS/MediaProxy combination for both signalling and media. Cost is important for an operator and any intermediate like an SBC, which does not bring any value to end customer is not likely to remain there for long.<div><br></div><div>What I am trying to figure out is if there are other good reasons besides the NAT issue for which the insertion of the SBC justifies its cost for an operator.</div><div><br></div><div>Regards,</div><div>Adrian</div><div><br><div><div>On Dec 11, 2008, at 2:02 AM, Robert Dyck wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>You are right, these terms are used in a rather casual manner. Also privacy <br>and security can never be absolute. However there are reasons why an <br>individual or organization may want to hide their topology. Those with bad <br>intentions may look for clues so that they may subvert the system.<br><br>Perhaps a stronger case can be made when we consider that NAT is perhaps the <br>biggest headache with SIP. Different service providers have different ideas <br>how they might overcome the problem. If a UA on a LAN or an extension on a <br>PBX appears as a simple UA with a public address then the chance of success <br>improves.<br><br>OpenSBC may be the way to go. It will act as a proxy or B2BUA. The nice thing <br>about OpenSIPS is its light weight if you don't need a lot of modules. I am <br>not a programmer but it seems to me that it would not be too difficult to <br>hide the private VIAs and CONTACTs. It already supports mediaproxy/rtpproxy.<br><br>On Wednesday 10 December 2008, Adrian Georgescu wrote:<br><blockquote type="cite">Robert,<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Could you expand on what you mean by:<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">1. Privacy<br></blockquote><blockquote type="cite">2. Extra security<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">These seem to be highly abused terms while there is no proper<br></blockquote><blockquote type="cite">description available of what they mean and for whom they provide the<br></blockquote><blockquote type="cite">benefit.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Adrian<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">On Dec 10, 2008, at 9:32 PM, Robert Dyck wrote:<br></blockquote><blockquote type="cite"><blockquote type="cite">I see a need for a very basic proxy-like B2BUA. This would<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">completely hide the<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">local topology. This would provide privacy and extra security as<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">well as<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">working around the bad behaviour of some service providers.<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Rob<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">On Wednesday 10 December 2008, Brett Nemeroff wrote:<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">For what it's worth, I've had problems doing this with some [broken]<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">carriers. Namely they see a private address in one of the Vias and<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">they assume it's NAT.. Pretty messy. If you look through the archive<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">you'll see what happened to me.<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">That being said, I think it's pretty unusual that this happens.<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">-Brett<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">On Wed, Dec 10, 2008 at 8:14 AM, Giuseppe Roberti <<a href="mailto:jnod@jnod.org">jnod@jnod.org</a>><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">wrote:<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Hi.<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">I have an opensips server running "between" a man local area and<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">internet. This mean that UAC comes from local area and gateways<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">are on<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">internet.<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">The local interface (eth0) ip is not reachable from internet.<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Opensips server can traverse the nat using add_local_rport(), can<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">mediaproxy do the same ?<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Regards.<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">--<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Giuseppe Roberti<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><<a href="mailto:jnod@jnod.org">jnod@jnod.org</a>><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">_______________________________________________<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Users mailing list<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">_______________________________________________<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Users mailing list<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">_______________________________________________<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Users mailing list<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br></blockquote></blockquote><br><br></div></blockquote></div><br></div></div></body></html>