Deploying Flexisip behind a NAT is possible without major difficulty.

Please make sure to acknowledge the good practices for using SIP before further reading.

Prequisites

• The NAT must forward the TCP (or UDP) connection to flexisip's listening ports (typically 5060 or 5061).
• The NAT should perform port forwarding for a range of UDP port that will be used by the MediaRelay module. By default, ports 1025-65535 are used by MediaRelay.
• In case of the use of Flexisip-account-manager, LIME-server, or any Apache related module interacting with Flexisip, their ports must be also be forwarded (typically 443)

Configuration specificities

Compared to a setup with public IP address, two configuration keys simply need to be adapted.

Configuring the transports

The transports key of global section needs to be adapted so that both the public hostname and the private IP address are indicated. The public hostname shall appear as the host of the SIP uri, while the private IP address used for binding shall appear in the maddr parameter. For example:

Alternatively, a wildcard may be specified in maddr so that flexisip listens on all interfaces of the host.

Configuring the media relay service

The media relay service must be instructed to advertise the public IP address in SDP, instead of the local (private) ones which are useless.

This is done by setting in [module::MediaRelay]: