Yay for siproxd. Working multi-user sip is a beautiful thing.
Key notes:
You need to configure siproxd, allow siproxd to use some ports on the firewall, and configure your sip client.
After installing the package, edit /etc/siproxd.conf and set:
if_inbound=INTERFACENAME
if_outbound=INTERFACENAME
hosts_allow_reg=your internal network/netmask
Do not set hosts_allow_sip - I found it interacted strangely and got 408 'timeouts' - which is how siproxd shows 'access denied' to the client.
Edit /etc/default/siproxd and set it to enabled.
Then run sudo invoke-rc.d siproxd start
Now, in your iptables rules you need to allow the following ports for 'INBOUND' on your inside and outside interfaces:
5060 (sip)
7070-7079 (rtp - the voice and video data)
Activate those rules and you are done on the infrastructure; now it's just each client that you need to configure.
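One way to keep those firewall rules in step with /etc/siproxd.conf, as an added example that is not part of the original post: the script reads the interfaces and ports from the config and prints the matching iptables commands. It assumes SIP and RTP run over UDP, uses the standard siproxd keys sip_listen_port, rtp_port_low and rtp_port_high, and the sample config, interface names and network are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): print the iptables INPUT rules
# that match a siproxd.conf, so firewall and proxy agree on interfaces/ports.
# Assumptions: SIP and RTP over UDP; one value per key, without spaces.

# conf_get FILE KEY DEFAULT: value of an uncommented "KEY = value" line.
conf_get() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# siproxd_rules FILE: print (do not apply) one iptables command per line.
siproxd_rules() {
    in_if=$(conf_get "$1" if_inbound "")
    out_if=$(conf_get "$1" if_outbound "")
    lan=$(conf_get "$1" hosts_allow_reg "")
    sip=$(conf_get "$1" sip_listen_port 5060)   # defaults are the post's ports
    lo=$(conf_get "$1" rtp_port_low 7070)
    hi=$(conf_get "$1" rtp_port_high 7079)
    if [ -z "$in_if" ] || [ -z "$out_if" ]; then
        echo "if_inbound and if_outbound must both be set" >&2
        return 1
    fi
    # Added tightening: on the inside interface accept only the network that
    # hosts_allow_reg lets register (skipped when that key is unset).
    src=${lan:+ -s $lan}
    for port in "$sip" "$lo:$hi"; do
        echo "iptables -A INPUT -i $in_if$src -p udp --dport $port -j ACCEPT"
        echo "iptables -A INPUT -i $out_if -p udp --dport $port -j ACCEPT"
    done
}

# Constructed sample config; interface names and network are placeholders.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
if_inbound      = eth1
if_outbound     = eth0
hosts_allow_reg = 192.168.1.0/24
rtp_port_low    = 7070
rtp_port_high   = 7079
EOF
siproxd_rules "$sample"
```

Point siproxd_rules at the real /etc/siproxd.conf and review the printed commands before applying them as root.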
So fire up your sip client. It should have a sip proxy field - in there put 'sip:' + your gateway address/ip.
If you have STUN configured, disable it. The sip proxy will forward registration and all traffic for you; STUN will at best confuse the issue.
And bingo, you should have working sip.