From: "Michael C. Cambria"
Date: Wed, 08 Sep 2004 17:28:27 -0400
To: Forrest Aldrich
cc: freebsd-net@freebsd.org
Subject: Re: VoIP and IPFW

Forrest Aldrich wrote:
> Just going to use one VoIP phone, and it is a NAT firewall, so the phone
> would technically be behind that.

I don't use Vonage, but I do use FWD and iptel.org from FreeBSD, RH90 and XP systems behind my FreeBSD 4.10-Stable router running ipfw/natd. So the setup is similar.

FWD's "netcheck" claims that my ipfw/natd setup is a port restricted cone NAT, but methinks it's confused. ipfw/natd behaves as symmetric NAT (someone please correct me if I'm wrong.) As a result, I use the 'relay' that FWD provides. Vonage will need to provide a similar device for your use. Inquire about this type of support before signing up.

Using the relay helps in one respect. You only need one pair of rules in ipfw to allow RTP traffic to pass. With this rule, everything just worked. You can check out the configuration pages on www.freeworlddialup.com for more information.

I suggest you start with FWD first, get that working, then move on to Vonage. Running ipfw/natd "open" initially will help as well.

Another solution, if you don't use a relay, would be port forwarding, but this becomes problematic with the more phones you have.

I also have started to run SER (see ports) with nathelper + rtpproxy on the ipfw/natd system. I prefer this solution. All my users can talk to each other via the private LAN(s), but still call out to the 'net (including iptel & FWD users) as well as receive calls. I'm still plugging away with this, so I haven't tested things beyond basic calls (e.g. conference) yet.

Regards,
MikeC
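
Added example, not part of the original message: a toy Python model of the two NAT behaviours named above (port-restricted cone and symmetric), showing why an externally learned address fails for direct RTP under symmetric mapping while a relay works under both. It does not model natd itself; the class, function names, addresses and ports are all constructed assumptions.

```python
import itertools

# Constructed sample endpoints (RFC 1918 / RFC 5737 addresses), not from the message.
PHONE = ("192.168.1.10", 5004)
STUN = ("198.51.100.1", 3478)
PEER = ("203.0.113.7", 16384)
RELAY = ("198.51.100.9", 20000)

class Nat:
    """Toy UDP NAT. symmetric=False: port-restricted cone; symmetric=True: symmetric."""
    def __init__(self, public_ip, symmetric):
        self.public_ip, self.symmetric = public_ip, symmetric
        self._ports = itertools.count(40000)
        self.maps = {}     # mapping key -> external port
        self.allowed = {}  # external port -> (internal endpoint, remotes contacted)

    def outbound(self, src, dst):
        """Translate an outgoing datagram; return the (ip, port) that dst observes."""
        key = (src, dst) if self.symmetric else src  # symmetric: one mapping per destination
        if key not in self.maps:
            port = next(self._ports)
            self.maps[key] = port
            self.allowed[port] = (src, set())
        port = self.maps[key]
        self.allowed[port][1].add(dst)  # inbound filter is per remote ip AND port
        return (self.public_ip, port)

    def inbound(self, remote, ext_port):
        """Return the internal endpoint the datagram reaches, or None if dropped."""
        entry = self.allowed.get(ext_port)
        if entry is None or remote not in entry[1]:
            return None
        return entry[0]

def direct_call_works(nat):
    """Phone advertises the address a STUN-style check reported; peer sends RTP there."""
    advertised = nat.outbound(PHONE, STUN)
    nat.outbound(PHONE, PEER)  # phone's own RTP to the peer opens the filter
    return nat.inbound(PEER, advertised[1]) == PHONE

def relay_call_works(nat):
    """Phone sends RTP to the relay; relay answers to the source address it observed."""
    seen = nat.outbound(PHONE, RELAY)
    return nat.inbound(RELAY, seen[1]) == PHONE

if __name__ == "__main__":
    for sym in (False, True):
        nat = Nat("192.0.2.1", sym)
        print("symmetric" if sym else "cone", direct_call_works(nat), relay_call_works(Nat("192.0.2.1", sym)))
```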