NAT considerations

Many networks use NAT to minimize cost, conserve public IP addresses and to avoid direct routing from the public Internet. RTC applications can work in a NAT environment, however, there are some points to be aware of.

One common technique used for web servers involves hosting the public IP address on the firewall and creating a port forwarding rule redirecting all incoming connections to the internal IP address of a web server. This approach works for some types of services, such as HTTP, but it does not work for all types of RTC traffic. In particular, it is essential that the TURN server process runs on a host with two public IP addresses. A SIP server may work with port forwarding, but care needs to be taken to ensure the record-route URI matches the external IP address. Using SIP over TLS and SIP over WebSockets with port forwarding is more likely to work than trying to port-forward SIP over UDP traffic.

The TURN server does not need to have an IP address on the private network but it does need to be routable from the private network. The TURN server could be hosted in a DMZ or even using an external hosting provider.

If you choose to operate a SIP Session Border Controller (SBC), it will probably need to have both a public IP address and a private IP address.