VoIP and IPFW
Michael C. Cambria
mcc at fid4.com
Wed Sep 8 14:28:20 PDT 2004
Forrest Aldrich wrote:
> Just going to use one VoIP phone, and it is a NAT firewall, so the phone
> would technically be behind that.
I don't use Vonage, but I do use FWD and iptel.org from FreeBSD, RH90
and XP systems behind my FreeBSD 4.10-Stable router running ipfw/natd.
So the setup is similar.
FWD's "netcheck" claims that my ipfw/natd setup is a port restricted
cone NAT, but me thinks its confused. ipfw/natd behaves as symmetric
NAT (someone please correct me if I'm wrong.) As a result, I use the
'relay" that FWD provides. Vonage will need to provide a similar device
for your use. Inquire about this type of support before signing up.
Using the relay helps in one respect. You only need one pair of rules
in ipfw to allow RTP traffic to pass. With this rule, everything just
You can check out the configuration pages on www.freeworlddialup.com for
more information. I suggest you start with FWD first, get that working,
then move on to Vonage. Running ipfw/natd "open" initially will help as
Another solution, if you don't use a relay, would be port forwarding,
but this becomes problematic with the more phones you have.
I also have started to run SER (see ports) with nathelper + rtpproxy on
the ipfw/natd system. I prefer this solution. All my users can talk to
each other via the private LAN(s), but still call out to the 'net
(including iptel & FWD users) as well as receive calls. I'm still
plugging away with this, so I haven't tested things beyond basic calls
(e.g. conference) yet.
More information about the freebsd-net