Re: [SLUG] Linux Firewall

From: Ian Blenke (icblenke@nks.net)
Date: Fri Nov 14 2003 - 14:58:35 EST


Steve wrote:
> On Friday 14 November 2003 10:14 am, you wrote:
>
>>Will Shorewall allow a VPN connection from a remote windows workstation?
>>What about VOIP?
>
>
> VoIP is IP. It's no different than any other IP traffic. Now, VoIP does have
> issues with speed so as to not get broken up.

VoIP is really an overloaded moniker. The voice payload is RTP streams
(UDP payload), while the call signalling is typically one of: SIP,
H.323, MGCP/H.248/Megaco, Cisco's SCCP/Skinny, Asterisk's IAX, or
something more application specific like Skype.

All of these VoIP solutions (save Asterisk IAX or something designed to
circumvent the problem, like Skype) have varying NAT problems and QoS
enforcement issues.

While Shorewall will allow NATted connections through, you will still
need a SIP proxy / H.323 proxying gatekeeper / etc to rewrite the
signalling to adapt to the NATted addresses within the signalling
protocols themselves.

At the moment, if you're behind NAT, ask your VoIP service provider for
an outbound SIP proxy (FreeWorldDialup works just fine with NAT when
set up correctly, for example), or use something like Asterisk IAX that
is NAT clean.

Once you get beyond the NAT issues, the QoS headaches begin. Unless you
*like* choppy voice calls with massive echo, this one can be a bear to
deal with.

-- 
- Ian C. Blenke - Director of Service Delivery <icblenke@nks.net>
(This message bound by the following:
http://www.nks.net/email_disclaimer.html)
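
The NAT problem described in the message above, as an added example that is not part of the original post: a NAT firewall rewrites the IP header, but the SIP headers and SDP body still carry the phone's private address, which is what a SIP proxy has to rewrite. The sample INVITE, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a SIP INVITE as sent by a phone behind NAT.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.org SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.org>;tag=1928301774\r\n"
    "To: <sip:bob@example.org>\r\n"
    "Call-ID: a84b4c76e66710@192.168.1.50\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Contact: <sip:alice@192.168.1.50:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.50\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.50\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
ROUTING_HEADERS = {"via", "contact"}   # where the far end sends SIP replies/requests
ROUTING_SDP = {"c", "o"}               # c= is where the far end sends RTP


def _is_private(text):
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:                 # matched the pattern but is not a valid address
        return False


def private_addresses(sip_message):
    """Return (field, address) pairs for private IPv4 addresses left in the signalling."""
    head, _, body = sip_message.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ROUTING_HEADERS:
            findings += [(name.strip(), a) for a in IPV4.findall(value) if _is_private(a)]
    for line in body.split("\r\n"):
        key, _, value = line.partition("=")
        if key in ROUTING_SDP:
            findings += [(key + "=", a) for a in IPV4.findall(value) if _is_private(a)]
    return findings


if __name__ == "__main__":
    for field, addr in private_addresses(SAMPLE_INVITE):
        print(f"{field:8} still advertises {addr}: unreachable from outside the NAT")
```

Any finding means the far end will send SIP replies or RTP audio to an address it cannot reach, even though the firewall forwarded the packet itself.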
