Re: SIP with NAT traversal and STUN using NPF

To: Martin Husemann <martin%duskware.de@localhost>
Subject: Re: SIP with NAT traversal and STUN using NPF
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Mon, 15 Jun 2026 18:04:00 -0400

Martin Husemann <martin%duskware.de@localhost> writes:

> Just for the record: I got it working.
>
> Various bugs on my side, and I needed to order the various "map" statements
> in my npf.conf from most specific to catch-all default NAT map.

Thanks for following up.

So in the end, did the STUN and NAT work as I was describing, and this
was just having NAT set up correctly, instead of some odd not-right NAT?

I am curious about your multiple map statements and most specific to
catch-all.  Mostly I would expect

  map $ext_if dynamic $lan_prefix -> ifaddrs($ext_if)

and that's it, combined with "pass out keep state" that hits those
packets too.

I don't immediately understand why one would want more NAT directives.
If you can post a (redacted?) version and explain what you are doing, I
think many would be interested.  npf has a lot of good to it, but it
feels only 90% finished with a few wrinkles.

References:
- SIP with NAT traversal and STUN using NPF
  - From: Martin Husemann
- Re: SIP with NAT traversal and STUN using NPF
  - From: Greg Troxel
- Re: SIP with NAT traversal and STUN using NPF
  - From: Martin Husemann
- Re: SIP with NAT traversal and STUN using NPF
  - From: Greg Troxel
- Re: SIP with NAT traversal and STUN using NPF
  - From: Martin Husemann
- Re: SIP with NAT traversal and STUN using NPF
  - From: Greg Troxel
- Re: SIP with NAT traversal and STUN using NPF
  - From: Martin Husemann

Prev by Date: Re: SIP with NAT traversal and STUN using NPF
Previous by Thread: Re: SIP with NAT traversal and STUN using NPF
Indexes:

Home | Main Index | Thread Index | Old Index