Be warned, this (and all the other) documentantation is far from
complete. This is still considered an alpha release.


Overview:
=========
Siprox is an proxy/masquerading daemon for the SIP protocol.
It handles registrations of SIP clients on a private IP network
and performs rewriting of the SIP message bodies to make SIP
connections possible via an masquerading firewall.
It allows SIP clients (like kphone, linphone) to work behind
an IP masquerading firewall or router.

SIP (Session Initiation Protocol, RFC3261) is used by Softphones
(Voice over IP) to initiate communication. By itself, SIP does not
work via masquerading firewalls as the transfered data contains
IP addresses and port numbers.



Requirements:
=============
- libosip-0.8.8		(http://www.fsf.org/software/osip/)

Up to now, this packages only has been tested under an i386 Redhat Linux 6.0.
However, it should build and run under newer versions (feedback is welcome).



How to get started:
===================

- ./configure

- make

- make install

- copy sipproxd.conf.example to /etc/siproxd.conf

- edit /etc/siproxd.conf according to your situation
  At least 'host_inbound' and 'host_outbound' have to be adapted!
  host_inbound is your IP address of your private network,
  host_outbound is your publich IP address or hostname (if you
  have dynamic IP addresses, then you might want to use a hostname
  here and use a dynamic DNS service like dyndns.org)



What siproxd does:
=================
Siproxd's main purpose (up to now) is to rewrite SIP messages
to be able to operate via an masquerading firewall.
Since release 0.1.2 siproxd can proxy incomming RTP streams.



What siproxd does NOT do:
=========================

SINCE RELEASE 0.1.2:
  Siproxd should be able to proxy incomming RTP data streams (UDP only).
  This is still very experimental code ;-)
  The config parameters 'rtp_port_low' and rtp_port_high' define
  the port range that siproxd will use for incomming RTP data streams.
  'rtp_timeout' defines after what time an unused  (no data received)
  rtp stream is considered dead and removed.
  
  ** As I had not yet the possibility to test this feature,
  ** I'd be glad about feedback.

PRIOR TO RELEASE 0.1.2:
  Siproxd does *not* (yet) create masquerading tunnels or port-forwarding
  for the data stream through the firewall.

  These forwarding rules have to be set-up manually (currently)

  Example, using ipchains (mfw):
  # ipchains -A input --proto udp --dport 7078 -m 100 -j ACCEPT
  # ipmasqadm mfw -A -m 100 -r <remoteaddress> 7078

  Example, using ipchains (portfw):
  # portfw -a -P udp -L <localaddress> 7078 -R <remoteaddress> 7078



Limitations:
============
- currently, only UDP is supported
- very likely it does not follow the SIP spec in all details ;-)



Important Notice:
=================
The gethostbyname() function leaks memory in RedHat 6.0 with glibc 2.1.1.
The quick fix is to delete nisplus service from hosts entry in
/etc/nsswitch.conf. In my tests, memory use remained stable after I
made the mentioned change.
(source: http://www.squid-cache.org/Doc/FAQ/FAQ-14.html)


Contacts:
=========
Please feel free to contact the author to:
   - provide feedback
   - report bugs,
   - request for additional features
   - report interoperability with softphones
   - ...

and visit the website at http://siproxd.sourceforge.net/

Thomas Ries  (tries@gmx.net)
   GnuPG Public Key:
   pub  1024D/87BCDC94 2000-03-19 Thomas Ries (tries@gmx.net)
   Key fingerprint = 13D1 19F5 77D0 4CEC 8D3F  A24E 09FC C18A 87BC DC94