To add to the discussion, I currently am a Vonage customer, using a mostly
vanilla Bering setup. Currently (although could change later) I have my ATA
on the same network as my other PCs. It hasn't caused any problems that
I've found, and Bering has done an excellent job. One thing I did do
(mostly preemptive) was to forward a specific set of ports (per Vonage
documentation) to the ATA.
Those ports are : 5060,5061,53,69,1:2
Additionally, the line that I added in my shorewall rules configuration was
this :
lrcfg -> option 3 -> shorewall option -> option 6
#ACTION  SOURCE  DEST               PROTO  DEST                 SOURCE   ORIGINAL
#                                          PORT                 PORT(S)  DEST
DNAT     net     loc:192.168.1.200  udp    5060,5061,53,69,1:2  -
I found the MAC of the ATA and gave it a dedicated IP address for simplicity
and being able to track it.
Another thing that I found is that I needed to set up a bit of ToS in order
to continue offering my internal FTP site. That rule is as follows :
lrcfg -> option 3 -> shorewall option -> option 16
#SOURCE            DEST  PROTOCOL  SOURCE PORTS  DEST PORTS  TOS
loc:192.168.1.200  all   udp       -             -           16
loc:192.168.1.200  all   udp       -             -           8
loc:192.168.1.200  all   udp       -             -           2
It might be a bit redundant to have all three rules, but it seems to have
worked pretty well. I received an updated package for the htb.init scripts,
that I haven't tested yet, but once I do I'll post the results from that.
I'd like to add that Vonage has been an excellent provider. I have not had
any downtime with it, except due to a power loss (apartment maintenance).
If anyone is planning on going to use Vonage, let me know. Their referral
bonus is excellent. Both people get a free month of service. Before anyone
signs up, allow me to forward a referral to you so we can both get a free
month (sorry for the blatant plug).
Hope any of the above was useful.
Joey
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Doug Hite
Sent: Saturday, March 13, 2004 12:08 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Re: Vonage and Bering
Just to add to this discussion - I too am investigating this option.
There has been some discussion of Vonage on the Shorewall mailing
lists - you can search them at shorewall.net - keyword "vonage".
Looks like users on that list have gotten it to work - and a listing
of the rules can be found there.
Also you may want to check out
http://www.voicepulse.com/default.aspx
This is the other company I have heard mentioned on /. Not as
much information on firewalls, but they use a different phone,
so maybe it's more "NAT friendly". Not as much coverage though
if having a local number is wanted.
I'm wondering if a 3 nic DMZ setup would be in order for a
home deployment of this - where the only device in the DMZ
was the phone. Might that reduce some of the security issues ?
Doug
---
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
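Added example, not part of the original thread or of Shorewall itself: a small Python check that reads Shorewall rules lines and reports, for each DNAT rule, who can reach the forwarded host and which ports are exposed. The first sample line is the rule quoted in the message above; the dmz zone, the 203.0.113.10 source address and the remaining sample lines are constructed for contrast.

```python
"""Audit Shorewall 'rules' lines for DNAT forwards that expose an internal host."""

# First rule is quoted from the thread; the other two lines are constructed samples.
SAMPLE_RULES = """\
#ACTION  SOURCE            DEST               PROTO  DEST PORT(S)
DNAT     net               loc:192.168.1.200  udp    5060,5061,53,69,1:2  -
DNAT     net:203.0.113.10  dmz:192.168.2.200  udp    5060,5061            -
ACCEPT   loc               net                tcp    80
"""


def expand_ports(spec):
    """Turn a numeric Shorewall port list such as '53,69,1:2' into sorted ints."""
    ports = set()
    for item in spec.split(","):
        low, _, high = item.partition(":")
        if not low.isdigit() or (high and not high.isdigit()):
            continue  # service names and '-' are not resolved in this sketch
        ports.update(range(int(low), int(high or low) + 1))
    return sorted(ports)


def audit(rules_text, trusted_zone="loc"):
    """Return one finding per DNAT rule, listing the reasons it deserves review."""
    findings = []
    for line in rules_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments and header rows
        if len(fields) < 5 or fields[0] != "DNAT":
            continue
        _, source, dest, proto, port_spec = fields[:5]
        dest_zone, _, dest_host = dest.partition(":")
        ports = expand_ports(port_spec)
        reasons = []
        if ":" not in source:  # bare zone name: no source address restriction
            reasons.append("any host in zone '%s' may connect" % source)
        if dest_zone == trusted_zone:
            reasons.append("target shares zone '%s' with internal PCs" % dest_zone)
        low_ports = [p for p in ports if p < 1024]
        if low_ports:
            reasons.append("well-known ports forwarded: %s" % low_ports)
        findings.append({"host": dest_host, "proto": proto,
                         "ports": ports, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print(f["host"], f["proto"], f["ports"], "->", f["reasons"] or "no findings")
```
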