Howard Lowndes
2004-Dec-10 11:52 UTC
[Asterisk-Users] Confused about proxying and NAT, and seeking guidance
I think I have got * worked out as far as getting users on a small private network talking with each other, but when it comes to the bigger picture about talking between private networks connected by the Internet then I am getting confused about STUN, SER, SIPPROXY, RTPPROXY, etc.

Before I start let me make it clear that I am not looking to drop out onto the public telco network anywhere, not at this stage anyway. I see that as a separate issue.

I have a number of organisational entities (oe), each of which has their own Internet domain presence (alice.com, bob.com, claude.com, etc). Each oe has a similar structure of a Linux-based Internet gateway which does NAT/firewall/routing for the private subnets that connect to it.

Let us assume, in each oe, that the user clients are on the 192.168.x.y subnet behind the gateway, and that they can establish outbound access to the Internet but permit no inbound access to be established. They also have access to the oe's publicly accessible services (mail server and web server), which are on a DMZ which has a subnet of 192.168.y.z and which is reached from the Internet by DNAT based on destination port.

My idea is to put * on each oe's DMZ. My thinking here is that this is tidier (all publicly accessible services are on a DMZ) and that the public (well, my other oes anyway) will need to access *. This runs fine for each oe (putting * on the DMZ, that is).

Now, this is where the confusion arises. What do I need to run by way of STUN, SER, SIPPROXY, RTPPROXY, and more importantly where, in order that, say, ian@alice.com can talk with jane@bob.com or with keith@claude.com, or any reasonable combination of such mixes?

Ideally I would like the RTP streams to be (virtually) bridged between ian@alice.com and jane@bob.com (for example), rather than passing through * at each oe. Do I need to run all of these, or only some, and where?

I believe that this can be done with IAX2 (which I have not studied) but I would also like to get it running with SIP/RTP. What would folks advise about IAX2 -v- SIP/RTP?

--
Howard.
LANNet Computing Associates; Your Linux people <http://www.lannetlinux.com>
------------------------------------------
"When you just want a system that works, you choose Linux; when you want a system that just works, you choose Microsoft."
------------------------------------------
"Flatter government, not fatter government; Get rid of the Australian states."