|
 |
|
Incoming SIP Requests
This is what does for incoming SIP requests:
1.
|
Catch any packet on port 5060 going through the firewall or to the firewall itself.
|
2.
|
Inspect the headers and the body of the packet.
|
3.
|
The body will probably contain SDP information about which media streams the sender wishes to receive, and which IP address and ports it wants to use for this. Some of this information will be stored in the firewall, depending on the characteristics of the SIP request (stateful transaction).
|
5.
|
The packet will be forwarded to the device that the user has registered from.
|
6.
|
Allocate a port on one of the firewall's outside IP addresses. The firewall has a set of ports dedicated for SIP traffic.
|
7.
|
Replace all IP information in the headers and body with the new IP address and port.
|
8.
|
Also replace the Via header of the client with one containing information about the firewall.
|
9.
|
Set up a firewall rule to let the media stream through.
|
10.
|
Intercept all following packets for this media stream and rewrite their IP headers.
|
11.
|
Remove the firewall rule when the session is terminated.
|
|