 From:  "Marcel Wiget" <mwiget at gmail dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  SIP proxy for m0n0wall 1.3x
 Date:  Sat, 3 Nov 2007 20:06:13 +0100
Hi,

While working with different NAT/Firewall traversal solutions
for SIP User Agents (audio and video phone endpoints) I wanted
something that will ease the burden on the endpoints when
connected behind m0n0wall. Siproxd from Thomas Ries:
http://siproxd.sourceforge.net offers a simple SIP registrar,
proxy and masquerading daemon that handles SIP signaling and
RTP stream proxying.

I'd like to share my current alpha version of the SIP proxy function
for m0n0wall to discuss.

The patch against the freebsd6 repository of m0n0wall, a small README.txt
and a WRAP/ALIX.2 image based on 1.3b4 can be found at

ftp://ftp.mwcube.net/pub/m0n0wall/siproxd/

Sorry, no other images for the moment.

Brief description of the implementation:

A new GUI menu 'Services -> SIP Proxy' is added to enable
and configure siproxd. Firewall rules are automatically adjusted.

A separate log tab shows siproxd-related log messages, including
a simple call log.

The actual SIP proxy/registrar entries can be listed under
'Diagnostics -> SIP Proxy'.

When activated using default values, m0n0wall will act as
a registrar, proxy and transparent proxy server for internal
SIP endpoints and it automatically intercepts SIP signaling
messages sent to any host on the Internet over UDP port 5060.
If a non-standard port is configured for the SIP proxy, this
automatic redirection function is disabled.

Warning: When using m0n0wall's SIP proxy function, don't use
any other traversal features of your SIP endpoint like STUN.
Use the m0n0wall's SIP proxy instead as 'outbound SIP proxy'.
No authentication is required, but the endpoint must reside on
the local internal network (usually the LAN interface).

Hopefully the GUI has all the info needed for everyone to configure
it properly.

Does it make sense to add this to m0n0wall? Any other developer
out there looking into other options/solutions?

I've done only limited testing but it seems to work for my SNOM phone
and X-Meeting (soft client), both simply configured with fwd.pulver.com and
e-fon.com as registrar servers. Video is next. I expect some issues here with
the additional video streams being relayed.

For troubleshooting, siproxd offers a neat solution for embedded devices like
m0n0wall: Debugging output via TCP port: Specify a TCP port (e.g. 5000) and
debug level via 'Services -> SIP Proxy', then connect to m0n0wall port 5000 and
debug messages are sent over it (netcat output piped to a file works
of course too).

Marcel
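
The masquerading described in the message above, and the condition its STUN warning concerns, sketched as an added example that is not part of the original message and is not siproxd or m0n0wall code: a proxy rewrites LAN addresses in the Contact header and SDP to its own WAN side, while a Contact that already carries a non-LAN address shows the endpoint doing its own traversal. The addresses, the relay port and all function names are assumptions, and the INVITE is constructed.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PUBLIC_IP = "203.0.113.10"   # assumed WAN address of the firewall (documentation range)
RTP_RELAY_PORT = 7070        # assumed relay port chosen by the proxy

def build_invite(addr):
    """Constructed sample INVITE whose Via, Contact and SDP advertise `addr`."""
    body = "\r\n".join(["v=0", f"o=alice 1 1 IN IP4 {addr}", "s=-",
                        f"c=IN IP4 {addr}", "t=0 0", "m=audio 49170 RTP/AVP 0", ""])
    head = "\r\n".join(["INVITE sip:bob@example.org SIP/2.0",
                        f"Via: SIP/2.0/UDP {addr}:5060;branch=z9hG4bK776",
                        "From: <sip:alice@example.org>;tag=1928",
                        "To: <sip:bob@example.org>",
                        "Call-ID: a84b4c76e66710", "CSeq: 1 INVITE",
                        f"Contact: <sip:alice@{addr}:5060>",
                        "Content-Type: application/sdp",
                        f"Content-Length: {len(body)}"])
    return head + "\r\n\r\n" + body

def is_lan(host):
    """True/False for a literal IP address, None for a hostname."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    return any(ip in net for net in RFC1918)

def contact_host(msg):
    m = re.search(r"(?mi)^Contact:.*?@([^:;>\s]+)", msg)
    return m.group(1) if m else None

def endpoint_does_own_traversal(msg):
    """True if Contact already carries a literal non-LAN address (e.g. learned via STUN)."""
    host = contact_host(msg)
    return host is not None and is_lan(host) is False

def masquerade(msg, public_ip=PUBLIC_IP, rtp_port=RTP_RELAY_PORT):
    """Rewrite LAN addresses in Contact and SDP so replies and RTP reach the proxy.
    Simplified: only Contact, c= and the audio m= line are handled."""
    head, _, body = msg.partition("\r\n\r\n")
    swap = lambda m: m.group(1) + (public_ip if is_lan(m.group(2)) else m.group(2))
    head = re.sub(r"(?mi)^(Contact:.*?@)([^:;>\s]+)", swap, head)
    body = re.sub(r"(?m)^(c=IN IP4 )(\S+)", swap, body)
    body = re.sub(r"(?m)^(m=audio )\d+", rf"\g<1>{rtp_port}", body)
    head = re.sub(r"(?mi)^Content-Length:\s*\d+", f"Content-Length: {len(body)}", head)
    return head + "\r\n\r\n" + body
```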