Firewall & VoIP

I'm considering setting up Linux (iptables) based stateful firewall. Can
anyone point me towards resources/tutorials on how to set up connection
tracking for SIP & H323 connections? In particular, can iptables dynamically
open RTP ports for voice traffic? I'm currently using Cisco and had to open
high UDP ports in order for audio to go through.

TIA,
Peter

You might want to start with a look at ser and FCP at iptel.org
(http://iptel.org/products/). The Netfilter site
(http://www.netfilter.org/) is also quite useful.

> The freesco floppy router has H323 and Cuseeme NAT modules for this
> task. It can run in 12-16 meg on a 486/33 diskless workstation with no
> keyboard, monitor or hard drive ;-)

Can it handle 5mbit/s transfer rates, HTB, traffic shaping & rate limiting?
I'm thinking old AMD K6 166mhz for this.

Thx,
Peter

Sure it's Linux :-)

My 486/33 can easilt handle a full 10mpbs netcard bridging onto a
second card on a 100mbps network. Still think your K6 will be
'backet-challenged' ? :-)

Traffic shaping is normally accomplished with more advanced kernel
modules, but it's just a case of recompiling the kernel and adding
support for the options in iptables

Although freesco uses ipchains or even ipfwconfig, other options such
as floppyfw exist with similar capabilites and more modern kernel
implementations. Check also the LRP - Linux router project for
possible H323 modulesm I;m sure somebody's done this.

Cheers - Neil.

On Thu, 24 Jul 2003 22:03:35 +0300, "Peter" <(E-Mail Removed)>
wrote:

>> The freesco floppy router has H323 and Cuseeme NAT modules for this
>> task. It can run in 12-16 meg on a 486/33 diskless workstation with no
>> keyboard, monitor or hard drive ;-)
>
>Can it handle 5mbit/s transfer rates, HTB, traffic shaping & rate limiting?
>I'm thinking old AMD K6 166mhz for this.
>
>Thx,
>Peter
>
>


================================================== ======
VideoChat with friends online, get Freshly Toasted every
day at http://www.fresh-toast.net : NetMeeting solutions
for a connected world.

Many years ago, Billy Biggs wrote a SIP ALG for Linux - I used a few years
ago and it worked fine - have not used it since then.

Cullen



On 7/24/03 0:28, in article bfo1r1$gbb5a$(E-Mail Removed),
"Peter" <(E-Mail Removed)> wrote:

> I'm considering setting up Linux (iptables) based stateful firewall. Can
> anyone point me towards resources/tutorials on how to set up connection
> tracking for SIP & H323 connections? In particular, can iptables dynamically
> open RTP ports for voice traffic? I'm currently using Cisco and had to open
> high UDP ports in order for audio to go through.
>
> TIA,
> Peter
>
>

Why confuse the situation, use your linux box for routing and telephony.
Have a box with a public ip and an internal ip , so 2 nics and yes iptables
is one way to go but you can just fire up a quick firewall script that will
turn up your nat environment and act as your firewall to let things out and
limit things coming in.

Will you need to connect to the PSTN?

(E-Mail Removed)

"Peter" <(E-Mail Removed)> wrote in message
news:bfo1r1$gbb5a$(E-Mail Removed)...
> I'm considering setting up Linux (iptables) based stateful firewall. Can
> anyone point me towards resources/tutorials on how to set up connection
> tracking for SIP & H323 connections? In particular, can iptables
dynamically
> open RTP ports for voice traffic? I'm currently using Cisco and had to
open
> high UDP ports in order for audio to go through.
>
> TIA,
> Peter
>
>

> Why confuse the situation, use your linux box for routing and telephony.
> Have a box with a public ip and an internal ip , so 2 nics and yes
iptables
> is one way to go but you can just fire up a quick firewall script that
will
> turn up your nat environment and act as your firewall to let things out
and
> limit things coming in.

That's exactly what I'm doing... but the problem is how to configure
firewall on the same linux box so it allows incoming RTP?

Peter

What kind of firewall are you using? script? commercial? homemade? I had
similar problems in the beginning... perhaps I can help.

-Greg

"Peter" <(E-Mail Removed)> wrote in message
news:bgvi8a$sskde$(E-Mail Removed)...
> > Why confuse the situation, use your linux box for routing and telephony.
> > Have a box with a public ip and an internal ip , so 2 nics and yes
> iptables
> > is one way to go but you can just fire up a quick firewall script that
> will
> > turn up your nat environment and act as your firewall to let things out
> and
> > limit things coming in.
>
> That's exactly what I'm doing... but the problem is how to configure
> firewall on the same linux box so it allows incoming RTP?
>
> Peter
>
>