From owner-freebsd-net@FreeBSD.ORG Thu Sep 9 00:17:21 2004
Message-ID: <413FA08A.3010803@forrie.com>
Date: Wed, 08 Sep 2004 20:15:06 -0400
From: Forrest Aldrich
To: freebsd-net@freebsd.org
In-Reply-To: <200409082255.i88MtPEO054166@f1.masterplan.org>
Subject: Re: VoIP and IPFW
List-Id: Networking and TCP/IP with FreeBSD

I see. I had imagined some traffic shaping and QoS necessities to manage
the service (on the FreeBSD box, though I don't know how its QoS works yet).

I'd also be concerned about general security.

Jason George wrote:

>Subject: Re: VoIP and IPFW
>To: forrie@forrie.com
>Cc:
>
>>I'm also speaking of specific ipfw configuration to support this
>>functionality (QoS, traffic shaping, etc)...
>
>I have the Vonage box behind my OpenBSD pf firewall. "It just works".
>
>The box grabs a DHCP address and then initiates a UDP connection to
>the server at the Vonage end. Every 14 seconds, the box "polls"
>the head-end.
>
>dew# tcpdump -i le1 host 192.168.4.11
>tcpdump: listening on le1
>16:44:40.790962 216.115.25.20.5061 > 192.168.4.11.5061: udp 478 (DF)
>16:44:54.795825 192.168.4.11.5061 > 216.115.25.20.5061: udp 633
>16:44:54.884601 216.115.25.20.5061 > 192.168.4.11.5061: udp 479 (DF)
>16:45:08.896124 192.168.4.11.5061 > 216.115.25.20.5061: udp 633
>16:45:08.984711 216.115.25.20.5061 > 192.168.4.11.5061: udp 479 (DF)
>16:45:22.996351 192.168.4.11.5061 > 216.115.25.20.5061: udp 632
>16:45:23.121386 216.115.25.20.5061 > 192.168.4.11.5061: udp 478 (DF)
>16:45:37.129823 192.168.4.11.5061 > 216.115.25.20.5061: udp 633
>16:45:37.218418 216.115.25.20.5061 > 192.168.4.11.5061: udp 479 (DF)
>16:45:51.230049 192.168.4.11.5061 > 216.115.25.20.5061: udp 632
>16:45:51.425216 192.168.4.11.5061 > 216.115.25.20.5061: udp 632
>16:45:51.645703 216.115.25.20.5061 > 192.168.4.11.5061: udp 478 (DF)
>16:45:51.650558 216.115.25.20.5061 > 192.168.4.11.5061: udp 478 (DF)
>16:46:05.646906 192.168.4.11.5061 > 216.115.25.20.5061: udp 633
>16:46:05.735910 216.115.25.20.5061 > 192.168.4.11.5061: udp 479 (DF)
>16:46:19.747073 192.168.4.11.5061 > 216.115.25.20.5061: udp 633
>16:46:19.849489 216.115.25.20.5061 > 192.168.4.11.5061: udp 479 (DF)
>^C
>
>If an incoming call occurs, apparently the control message then causes
>the box to initiate an outbound connection for the actual call completion.
>
>16:47:29.997893 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.017540 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>16:47:30.017803 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.038034 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.038671 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>16:47:30.056087 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>16:47:30.057945 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.075550 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>16:47:30.078019 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.096761 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>16:47:30.098179 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.117632 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>16:47:30.118223 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.138180 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.138571 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>16:47:30.154673 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>
>I actually haven't made any pf configuration changes, but I will be putting
>in a QoS policy to guarantee ~100kbit/sec for the Vonage service. I
>had some complaints about the quality of my voice at the far end when I was
>uploading or emailing large attachments. (I'm using the highest-quality
>setting on a 4Mbit/~400kbit down/up cablemodem connection.)
>
>Otherwise, on an unloaded link, it's just fine.
>
>I hope this helps...I don't have any specific IPFW settings...sorry!
>
>--J
>===
>Jason B. George, P.Eng., PMP - JGeorge@ResourceChain.com
>ResourceChain Inc. - Project Consulting
>(403) 703-5476 Cell (403) 668-0117 Office
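
Added example (not part of the original message or of either poster's configuration): a Python script that reads a subset of the tcpdump lines quoted above and derives the two numbers a stateful firewall rule set for this device depends on, the signalling poll interval to compare against the firewall's UDP state timeout, and the outbound media rate to size a QoS queue. The function names and the timeout values passed to state_survives() are assumptions; read the real timeout from your own firewall (for ipfw dynamic rules, the net.inet.ip.fw.dyn_udp_lifetime sysctl).

```python
import re
from statistics import median

# Subset of the tcpdump lines quoted in the message above.
CAPTURE = """\
16:44:54.795825 192.168.4.11.5061 > 216.115.25.20.5061: udp 633
16:44:54.884601 216.115.25.20.5061 > 192.168.4.11.5061: udp 479 (DF)
16:45:08.896124 192.168.4.11.5061 > 216.115.25.20.5061: udp 633
16:45:22.996351 192.168.4.11.5061 > 216.115.25.20.5061: udp 632
16:45:37.129823 192.168.4.11.5061 > 216.115.25.20.5061: udp 633
16:47:29.997893 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
16:47:30.017540 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
16:47:30.017803 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
16:47:30.038034 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
16:47:30.057945 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
16:47:30.078019 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
"""

LINE = re.compile(r"(\d+):(\d+):(\d+\.\d+) (\S+)\.(\d+) > (\S+)\.(\d+): udp (\d+)")

def parse(text):
    """Yield (seconds, src_ip, src_port, dst_ip, dst_port, udp_len) per line."""
    for m in LINE.finditer(text):
        h, mi, s, sip, sp, dip, dp, n = m.groups()
        yield (int(h) * 3600 + int(mi) * 60 + float(s), sip, int(sp), dip, int(dp), int(n))

def outbound(text, host, port):
    """Packets sent by the device (host) from the given source port."""
    return [p for p in parse(text) if p[1] == host and p[2] == port]

def poll_interval(text, host, port=5061):
    """Median gap in seconds between the device's outbound signalling packets."""
    t = [p[0] for p in outbound(text, host, port)]
    return median(b - a for a, b in zip(t, t[1:]))

def media_kbps(text, host, port=10000, ip_udp_hdr=28):
    """Outbound media rate at the IP layer (UDP payload + 20 IP + 8 UDP bytes)."""
    pk = outbound(text, host, port)
    span = pk[-1][0] - pk[0][0]
    bits = sum(p[5] + ip_udp_hdr for p in pk[1:]) * 8
    return bits / span / 1000

def state_survives(interval, udp_state_timeout):
    """True if a UDP state entry outlives the gap between two polls."""
    return udp_state_timeout > interval

if __name__ == "__main__":
    gap = poll_interval(CAPTURE, "192.168.4.11")
    print(f"poll every {gap:.1f}s, media {media_kbps(CAPTURE, '192.168.4.11'):.0f} kbit/s")
    print("10s UDP state outlives poll gap:", state_survives(gap, 10))
```

If the state timeout is shorter than the poll gap, the state entry lapses between polls and an inbound call notification arriving in that window is dropped unless a static rule admits it. The media figure is per direction at the IP layer and excludes link-layer framing.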