Michael C. Cambria mcc at fid4.com
Wed Sep 8 14:28:20 PDT 2004

Forrest Aldrich wrote:

> Just going to use one VoIP phone, and it is a NAT firewall, so the phone 
> would technically be behind that.

I don't use Vonage, but I do use FWD and iptel.org from FreeBSD, RH90 
and XP systems behind my FreeBSD 4.10-Stable router running ipfw/natd. 
So the setup is similar.

FWD's "netcheck" claims that my ipfw/natd setup is a port restricted 
cone NAT, but me thinks its confused.  ipfw/natd behaves as symmetric 
NAT (someone please correct me if I'm wrong.)  As a result, I use the 
'relay" that FWD provides.  Vonage will need to provide a similar device 
for your use.  Inquire about this type of support before signing up.

Using the relay helps in one respect.  You only need one pair of rules 
in ipfw to allow RTP traffic to pass.  With this rule, everything just 

You can check out the configuration pages on www.freeworlddialup.com for 
more information.  I suggest you start with FWD first, get that working, 
then move on to Vonage.  Running ipfw/natd "open" initially will help as 

Another solution, if you don't use a relay, would be port forwarding, 
but this becomes problematic with the more phones you have.

I also have started to run SER (see ports) with nathelper + rtpproxy on 
the ipfw/natd system.  I prefer this solution.  All my users can talk to 
each other via the private LAN(s), but still call out to the 'net 
(including iptel & FWD users) as well as receive calls.  I'm still 
plugging away with this, so I haven't tested things beyond basic calls 
(e.g. conference) yet.


More information about the freebsd-net mailing list