I have a private network like this: +-----------------------+ | firewall | +-----------------------+ | +-----------------------+ | 1.2.3.4 | ------------------ | NAT |--------------------- | 192.168.1.1 | +-----------------------+ +-----------------------+ +-------------------------------+ | PBX:192.168.1.2 | | SIPphone:192.168.1.3 | ............ +-----------------------+ +--------------------------------| Now ,I can let my asterisk work correctly by STUN.But ,for security,I must config my firewall.Because the RTP port is allocated dynamic(10000:20000),if I just open ports 10000:20000 on my firewall ,I doubt that it will not work.Maybe like this: asterisk get a RTP port 10000,but after it get through NAT,the port become 9999(worse,next time it may be 9998,and i can't preknow it will be what),then my firewall will DROP it. Please help me ,thanks