[Gllug] NAT & VoIP
Richard Cottrill
richard_c at tpg.com.au
Mon Dec 31 12:33:47 UTC 2001

Unfortunately neither of these suggestions is an option. Using the
ip_masq_h323 module I should be able to run calls across the NAT. I may be
able to configure openMCU as a proxy gatekeeper/gateway (I haven't figured
out how yet). I have very few options beyond the firewall though. I'm using
BT ADSL so the IP changes occasionally and there's only one of it; NAT is a
must (2 - 4 computers use the link at any time); and my housemate requires
all of this be very simple to use for himself and his similarly
non-technically inclined friends. I've made some headway by sniffing the
network to find the address of the gateway his software uses; but there's
still the issue of identification of the proxy to the gatekeeper and my
housemate to the proxy...

I've done some reading on the topic. The ip_masq_h323 module isn't designed
to support gatekeeper stuff. On second thought I think the error message
below should read 'Gatekeeper not registered'. A gateway is a different
beastie from a gatekeeper apparently.

At the moment the best plan I can come up with is to install openMCU on the
smoothwall box and use it as a proxy. I'm still trying to figure out exactly
how to do that. I don't like this solution and I'm considering how practical
it would be for me to extend the ip_masq_h323 module to fiddle gatekeeper
type packets. At the moment I'm pretty confused on this subject - the h.225
protocol seems to get fiddled by the module; and that seems to be the
relevant protocol.

If anyone can point me to a good article on the hooks used for IP
masquerading modules I'd greatly appreciate it. Actually just somewhere to
go where I could find more information would be a great start. This is a
very steep learning curve (VoIP; the finer points of IP masquerading; kernel
hacking; and even solid C programming are new to me).

So where do people suggest I go? (try to keep it polite :-)

Thanks,
Richard

> -----Original Message-----
> From: gllug-admin at linux.co.uk [mailto:gllug-admin at linux.co.uk]On Behalf
> Of Andy McGarty
> Sent: Monday, December 31, 2001 3:38 AM
> To: gllug at linux.co.uk
> Subject: Re: [Gllug] NAT & VoIP
>
>
> >
> > I'm wondering about what sort of hoops I have to jump through to get VoIP
> > running across my Smoothwall box. I got Smoothwall as a way of avoiding
> > learning too much about firewalls, and then my housemate went and got a web
> > cam for Christmas... Bastard.
> >
> > Now I need to make the blessed thing work. It's on a Mac so there's nothing
> > resembling useful diagnostics output from the client software. All I get is
> > 'Gateway not registered'. Bummer.
> >
> SNIP
> >
> > Recommendations, advice, pointers etc are all welcome. If there's anyone
> > with a web cam, net connection, and an evening to kill I could use some help
> > testing this too...
> >
> You are going to have problems. The voip packet contains details of the IP
> source address in it as part of the data, not just in the usual header.
> This means it's sending the remote end a private address (ie the one behind
> your firewall) and not the public address you use. This means the remote
> end can't get back to you as the private address won't be routed.
>
> I think you have two (at least) choices:
>
> 1) set up the remote on the remote end to send packets to your private IP
> range (hopefully different to theirs) to your IP address for onward routing
> and alter the firewall accordingly.
> 2) get more public IP addresses and give one to the voip box you are using.
> It can still go through your firewall and you'll need to change your
> firewall's routing and rules to route these packets to the voip box.
>
> We went for option 2 as we had multiple IP addresses and it's easy.
>
> If you choose to do option 1 then I suggest lots of tcpdump of the external
> interface to see if the packets go out and if the remote end is at least
> returning them?
>
> Good luck.
>
> Andy
>
>
>
>
> --
> Gllug mailing list - Gllug at linux.co.uk
> http://list.ftech.net/mailman/listinfo/gllug
>
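The point made in the quoted reply, that the private address travels inside the packet data as well as in the IP header, is what a masquerading helper has to handle. The following C is an added example, not code from ip_masq_h323 or from either poster; it assumes the address is carried as four raw bytes followed by a two-byte big-endian port, and the function name, the sample bytes and the 203.0.113.5 public address are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One address found inside the payload: where it was and the port after it. */
struct embedded_ref { size_t offset; uint16_t port; };

/* Constructed sample bytes (not a real H.225 message): two copies of
 * 192.168.0.10, each followed by a big-endian port (1720 and 5000). */
static const uint8_t sample_payload[] = {
    0x08, 0x02, 0xC0, 0xA8, 0x00, 0x0A, 0x06, 0xB8,
    0x00, 0x11, 0xC0, 0xA8, 0x00, 0x0A, 0x13, 0x88, 0x00
};
static const uint8_t inside_ip[4]  = { 192, 168, 0, 10 };  /* private host */
static const uint8_t outside_ip[4] = { 203, 0, 113, 5 };   /* documentation range */

/* Replace every copy of `inside` in the payload with `outside` and record the
 * port that follows it, so the firewall knows what to forward back in.
 * Returns the number of copies found. Plain byte matching can hit unrelated
 * data; a real helper would decode the protocol first. */
size_t rewrite_embedded_addr(uint8_t *payload, size_t len,
                             const uint8_t inside[4], const uint8_t outside[4],
                             struct embedded_ref *refs, size_t max_refs)
{
    size_t found = 0, i = 0;
    while (i + 6 <= len) {
        if (memcmp(payload + i, inside, 4) != 0) { i++; continue; }
        if (found < max_refs) {
            refs[found].offset = i;
            refs[found].port = (uint16_t)((payload[i + 4] << 8) | payload[i + 5]);
        }
        memcpy(payload + i, outside, 4);   /* header-only NAT never does this */
        found++;
        i += 6;
    }
    return found;
}

int main(void)
{
    uint8_t buf[sizeof sample_payload];
    struct embedded_ref refs[4];
    memcpy(buf, sample_payload, sizeof buf);
    size_t n = rewrite_embedded_addr(buf, sizeof buf, inside_ip, outside_ip, refs, 4);
    for (size_t k = 0; k < n && k < 4; k++)
        printf("offset %zu port %u\n", refs[k].offset, (unsigned)refs[k].port);
    return 0;
}
```

The recorded ports are the ones the remote end will try to reach, so each needs a matching forward on the NAT box or the call setup still fails.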