Date: Thu, 20 May 2004 21:32:40 -0400
From: "Michael W. Oliver" <michael@gargantuan.com>
To: Adam McLaurin <adam.mclaurin@gmx.net>
Cc: freebsd-net@freebsd.org
Subject: Re: Problems setting up Vonage VoIP with FreeBSD + ipfilter
Message-ID: <20040521013240.GG4754@gargantuan.com>
In-Reply-To: <20040520201657.56cb3ed8.adam.mclaurin@gmx.net>
References: <20040520201657.56cb3ed8.adam.mclaurin@gmx.net>

On 2004-05-20T20:16:57-0400, Adam McLaurin wrote:
> So I got set up with Vonage VoIP, which I am really excited to have, but
> I am having a heck of a time getting it set up behind my FreeBSD box.
>
> My network configuration is as follows:
> Cable modem --> FreeBSD 5.2.1-R (ipf/ipnat) --> 8-port D-Link Switch -->
> Internal network
>
> The Vonage Voice Terminal (VT) is on port 8 of the switch
>
> So basically what I need to do is forward the following UDP ports to the
> VT (which I will be assigning 192.168.56.22).
> 53
> 69
> 5060-5061
> 10000-20000

Note that you don't need to allow incoming traffic to reach the VT on
ports 53 or 69, you need to allow the VT to open outbound connections on
those ports (DNS and TFTP, respectively). In addition, I had to open up
outbound UDP on port 123 (NTP) as well, because even though I run NTP
internally, the ATA's configuration is locked down and can't be changed
(thanks Vonage :( ).

> So in my ipf.rules I added the following:
> pass in quick on dc0 proto udp from any to any port 9999 >< 20001
> pass in quick on dc0 proto udp from any to any port = 53
> pass in quick on dc0 proto udp from any to any port = 69
> pass in quick on dc0 proto udp from any to any port = 5060
> pass in quick on dc0 proto udp from any to any port = 5061
>
> And in the ipnat.rules I added:
> rdr dc0 146.115.126.186/32 port 53 -> 192.168.56.22 port 53 udp
> rdr dc0 146.115.126.186/32 port 69 -> 192.168.56.22 port 69 udp
> rdr dc0 146.115.126.186/32 port 5060 -> 192.168.56.22 port 5060 udp
> rdr dc0 146.115.126.186/32 port 5061 -> 192.168.56.22 port 5061 udp

Also note that I am using IPFW2+NATD, but this looks ok (except for the
53 and 69, but we already talked about that :)

> Now, I'm not 100% certain the rdr's are correct (I'm not too comfortable
> with ipnat, and the docs confuse the hell out of me).
>
> However, I have absolutely no idea how to forward all UDP ports from
> 10000-20000 without manually writing a rule for each port (which seems
> to be a very bad idea just for the processing overhead on each incoming
> UDP packet).

Ok, I had the same problem, but I discovered that my ATA (I got mine
when they sent out Cisco Analog Telephone Adapters, hence ATA) always
uses port 10000, and the Vonage-side of the connection is always port
11000. I have been using the service for more than a year now and I
haven't had a single occasion where the connection was anything other
than what I just described.

> Can someone guide me through this? There aren't any Vonage How-To's for
> FreeBSD yet, so I'm pretty much flying blind.

Like I said, I am using IPFW2+NATD, and the dummynet pipe/queue
configuration works very well for giving my VoIP traffic plenty of
bandwidth. I don't know if ipf has the same or similar facility, but it
is worth looking into. I hope to soon be running pf+altq :D

Hope this helps!
-- 
Mike
perl -e 'print unpack("u","88V]N=&%C=\"!I;F9O(&EN(&AE861E<G,*");'
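
An added example (not part of the original message, and not either poster's own tooling): a small Python check that parses the `pass in` rules quoted in the message and reports how many UDP ports each one exposes inbound, flagging ports 53 and 69, which the reply says the VT only needs outbound. The function names and the `WIDE_RANGE` threshold are assumptions chosen for illustration.

```python
import re

# Constructed input: the five ipf.rules lines quoted in the message (dc0 = external NIC).
IPF_RULES = """\
pass in quick on dc0 proto udp from any to any port 9999 >< 20001
pass in quick on dc0 proto udp from any to any port = 53
pass in quick on dc0 proto udp from any to any port = 69
pass in quick on dc0 proto udp from any to any port = 5060
pass in quick on dc0 proto udp from any to any port = 5061
"""

# Per the reply, the VT opens these connections itself (outbound only).
OUTBOUND_ONLY = {53: "DNS", 69: "TFTP"}
WIDE_RANGE = 1000  # assumption: flag any rule admitting more ports than this

# Handles only the two port forms used on this page: "port = N" and "port A >< B".
RULE_RE = re.compile(
    r"^pass\s+in\b.*?\bproto\s+(?P<proto>\w+)\b.*?\bto\s+\S+\s+port\s+"
    r"(?:(?P<lo>\d+)\s*><\s*(?P<hi>\d+)|=\s*(?P<eq>\d+))\s*$"
)

def inbound_ports(rule):
    """Return (proto, range of admitted ports) for a 'pass in' rule, else None."""
    m = RULE_RE.match(rule.strip())
    if not m:
        return None
    if m["eq"]:
        port = int(m["eq"])
        return m["proto"], range(port, port + 1)
    # ipf's '><' operator is exclusive at both ends: 9999 >< 20001 is 10000-20000.
    return m["proto"], range(int(m["lo"]) + 1, int(m["hi"]))

def audit(rules_text):
    """Return one (proto, first, last, count, note) tuple per parsed inbound rule."""
    findings = []
    for line in rules_text.splitlines():
        parsed = inbound_ports(line)
        if parsed is None:
            continue  # blank line or a rule form this sketch does not parse
        proto, ports = parsed
        hits = [p for p in OUTBOUND_ONLY if p in ports]
        if hits:
            note = "unneeded inbound: " + ", ".join(f"{p}/{OUTBOUND_ONLY[p]}" for p in hits)
        else:
            note = "wide range" if len(ports) > WIDE_RANGE else "ok"
        findings.append((proto, ports.start, ports.stop - 1, len(ports), note))
    return findings

if __name__ == "__main__":
    for proto, lo, hi, count, note in audit(IPF_RULES):
        print(f"{proto} {lo}-{hi}: {count} port(s) exposed inbound, {note}")
```
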