On 11/10/06, Martin Gignac <[EMAIL PROTECTED]> wrote:
On 10/11/06, ropers <[EMAIL PROTECTED]> wrote:
> I've just had another thought:
>
> Why do the IP phones have to have public IPs?
>
> Is this because giving them NATted, private range IPs previously
> didn't work so well?

The VoIP phones Patrick is using are probably (my guess) using the
Session Initiation Protocol (SIP) for signalling.

  http://en.wikipedia.org/wiki/Session_Initiation_Protocol

SIP embeds IP information of the host (phone) inside the exchanged
application messages and makes use of the Session Description Protocol
whenever it tries to set up a voice call (using the INVITE
transaction) so that both phones know which kind of voice/video
stream encoding to expect, and on which port and IP it'll be coming
to/from.

  http://en.wikipedia.org/wiki/Session_Description_Protocol

If Patrick puts the phones behind a NAT box then the phones will have
private IPs and will reflect these private IPs in whatever SIP
messages they send out onto the Internet. Unfortunately, if "public"
phones receive these SIP messages with private IPs they might try to
contact said IPs, which will fail miserably. It's a similar issue to
NAT and FTP, since FTP also embeds IP addresses inside the control
stream of the FTP session. Hence this is why OpenBSD has ftp-proxy(8).

If Patrick wants to use SIP behind NAT he'll need the added
"intelligence" of an Application Level Gateway.

  http://en.wikipedia.org/wiki/Application-level_gateway

An ALG tracks SIP sessions and performs all the necessary NATs and
creates all the dynamic firewall rules to allow incoming and outgoing
media traffic for phone calls.

I don't think pf alone will fit the bill for this. That's why if he
has public IPs available for the phones it might be the quickest route
to success.

Still, if you *are* stuck behind a NAT and you have SIP phones and you
don't want to spend a fortune on an ALG there might be open source
solutions (which I have never looked into) that will achieve the same
thing.

A quick search on Google did turn this up:

  http://siproxd.sourceforge.net/index.php?op=overview

Once again, thanks a whole bunch for your excellent and insightful information.

:)
