[Gllug] NAT & VoIP
Andy McGarty
andy at mcGarty.net
Mon Dec 31 03:38:09 UTC 2001
>
> I'm wondering about what sort of hoops I have to jump through to get VoIP
> running across my Smoothwall box. I got Smoothwall as a way of avoiding
> learning too much about firewalls, and then my housemate went and got a
web
> cam for Christmas... Bastard.
>
> Now I need to make the blessed thing work. It's on a Mac so there's
nothing
> resembling useful diagnostics output from the client software. All I get
is
> 'Gateway not registered'. Bummer.
>
SNIP
>
> Recommendations, advice, pointers etc are all welcome. If there's anyone
> with a web cam, net connection, and an evening to kill I could use some
help
> testing this too...
>
Your are going to have problems. The voip packet contains details of the IP
source address in it as part of the data, not just in the usual header.
This means its sending the remote end a private address (ie the one behind
your firewall) and not the public address you use. This means the remote
end cant get back to you as the private address wont be routed.
I think you have two (at least) choices:
1) set up the remote on the remote end to send packets to your provate IP
range (hopefully different to theirs) to your IP address for onward routing
and alter the firewall accordingly.
2) get more public IP addresses and give one to the voip box you are using.
It can still go through your firewall and you'll need to change your
firewall's routing and rules to route these packets to the voip box.
We went for option 2 as we had multiple IP addresses and its easy.
If you choose to do option 1 then I suggest lots of tcpdump of the external
interface to see if the packets go out and if the remote end it as least
returning them?
Good luck.
Andy
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list