From: "Michael W. Oliver"
To: Adam McLaurin
cc: freebsd-net@freebsd.org
Date: Thu, 20 May 2004 21:32:40 -0400
Subject: Re: Problems setting up Vonage VoIP with FreeBSD + ipfilter

On 2004-05-20T20:16:57-0400, Adam McLaurin wrote:
> So I got set up with Vonage VoIP, which I am really excited to have, but
> I am having a heck of a time getting it set up behind my FreeBSD box.
>
> My network configuration is as follows:
> Cable modem --> FreeBSD 5.2.1-R (ipf/ipnat) --> 8-port D-Link Switch -->
> Internal network
>
> The Vonage Voice Terminal (VT) is on port 8 of the switch
>
> So basically what I need to do is forward the following UDP ports to the
> VT (which I will be assigning 192.168.56.22).
> 53
> 69
> 5060-5061
> 10000-20000

Note that you don't need to allow incoming traffic to reach the VT on
ports 53 or 69, you need to allow the VT to open outbound connections on
those ports (DNS and TFTP, respectively). In addition, I had to open up
outbound UDP on port 123 (NTP) as well, because even though I run NTP
internally, the ATA's configuration is locked down and can't be changed
(thanks Vonage :( ).

> So in my ipf.rules I added the following:
> pass in quick on dc0 proto udp from any to any port 9999 >< 20001
> pass in quick on dc0 proto udp from any to any port = 53
> pass in quick on dc0 proto udp from any to any port = 69
> pass in quick on dc0 proto udp from any to any port = 5060
> pass in quick on dc0 proto udp from any to any port = 5061
>
> And in the ipnat.rules I added:
> rdr dc0 146.115.126.186/32 port 53 -> 192.168.56.22 port 53 udp
> rdr dc0 146.115.126.186/32 port 69 -> 192.168.56.22 port 69 udp
> rdr dc0 146.115.126.186/32 port 5060 -> 192.168.56.22 port 5060 udp
> rdr dc0 146.115.126.186/32 port 5061 -> 192.168.56.22 port 5061 udp

Also note that I am using IPFW2+NATD, but this looks ok (except for the
53 and 69, but we already talked about that :)

> Now, I'm not 100% certain the rdr's are correct (I'm not too comfortable
> with ipnat, and the docs confuse the hell out of me).
>
> However, I have absolutely no idea how to forward all UDP ports from
> 10000-20000 without manually writing a rule for each port (which seems
> to be a very bad idea just for the processing overhead on each incoming
> UDP packet).

Ok, I had the same problem, but I discovered that my ATA (I got mine
when they sent out Cisco Analog Telephone Adapters, hence ATA) always
uses port 10000, and the Vonage-side of the connection is always port
11000. I have been using the service for more than a year now and I
haven't had a single occasion where the connection was anything other
than what I just described.

> Can someone guide me through this? There aren't any Vonage How-To's for
> FreeBSD yet, so I'm pretty much flying blind.

Like I said, I am using IPFW2+NATD, and the dummynet pipe/queue
configuration works very well for giving my VoIP traffic plenty of
bandwidth. I don't know if ipf has the same or similar facility, but it
is worth looking into. I hope to soon be running pf+altq :D

Hope this helps!

-- 
Mike
perl -e 'print unpack("u","88V]N=&%C=\"!I;F9O(&EN(&AE861E
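
The direction point made in the reply, written out as ipf/ipnat rules. This is an added example, not rules posted by either participant: DNS, TFTP and NTP are opened outbound from the VT with `keep state`, and only the SIP and RTP ports are passed inbound, scoped to the VT instead of `any to any`. It assumes the interface and addresses quoted in the thread, that ipf filters outbound packets before ipnat rewrites them and inbound packets after, and that an existing `map` rule (not shown) handles outbound NAT.

```conf
# ---- ipf.rules (added example; dc0 and 192.168.56.22 are the values quoted above) ----

# Outbound from the VT: DNS (53), TFTP (69), NTP (123).
# "keep state" admits the replies, so ports 53, 69 and 123 need
# no inbound pass rule and no rdr.
pass out quick on dc0 proto udp from 192.168.56.22/32 to any port = 53 keep state
pass out quick on dc0 proto udp from 192.168.56.22/32 to any port = 69 keep state
pass out quick on dc0 proto udp from 192.168.56.22/32 to any port = 123 keep state
# Caveat: a TFTP server answers from a new source port (RFC 1350), so the
# state entry created for port 69 may not match the data packets. Test the
# ATA's provisioning download before relying on this rule alone.

# Inbound SIP (5060-5061) and RTP (10000-20000), limited to the VT.
# "A >< B" matches ports strictly between A and B, as in the quoted rule.
pass in quick on dc0 proto udp from any to 192.168.56.22/32 port 5059 >< 5062
pass in quick on dc0 proto udp from any to 192.168.56.22/32 port 9999 >< 20001

# ---- ipnat.rules ----

# SIP redirects as quoted in the thread.
rdr dc0 146.115.126.186/32 port 5060 -> 192.168.56.22 port 5060 udp
rdr dc0 146.115.126.186/32 port 5061 -> 192.168.56.22 port 5061 udp

# RTP: the ipnat(5) grammar allows a range on the matched port
# ("port N-M"), so one rule covers 10000-20000. Confirm that the ipnat
# version installed accepts it by loading the file with "ipnat -n -f".
rdr dc0 146.115.126.186/32 port 10000-20000 -> 192.168.56.22 port 10000 udp
```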