Quick update. Updated the patch to now also include the three new web GUI
files, previously missing from the provided patch on the FTP site
below. Added a minor modification to how transparent proxy works: I
have to also redirect traffic on the WAN port destined to port 5060,
not just on the LAN port (connections with source and destination port
equal to 5060 were forwarded due to dynamic NAT rules, which is not
desired in this case).

On Nov 3, 2007 8:06 PM, Marcel Wiget <mwiget at gmail dot com> wrote:
> While working with different NAT/Firewall traversal solutions
> for SIP User Agents (audio and video phone endpoints) I wanted
> something that will ease the burden on the endpoints when
> connected behind m0n0wall. Siproxd from Thomas Ries:
> http://siproxd.sourceforge.net offers a simple SIP registrar,
> proxy and masquerading daemon that handles SIP signaling and
> RTP stream proxying.
> I'd like to share my current alpha version of the SIP proxy function
> for m0n0wall to discuss.
> The patch against the freebsd6 repository of m0n0wall, a small README.txt
> and a WRAP/ALIX.2 image based on 1.3b4 can be found at
> Sorry, no other images for the moment.
> Brief description of the implementation:
> A new GUI menu 'Services -> SIP Proxy' is added to enable
> and configure siproxd. Firewall rules are automatically adjusted.
> A separate log tab shows siproxd related log messages, including
> a simple call log.
> The actual SIP proxy/registrar entries can be listed under
> 'Diagnostics -> SIP Proxy'.
> When activated using default values, m0n0wall will act as
> a registrar, proxy and transparent proxy server for internal
> SIP endpoints and it automatically intercepts SIP signaling
> messages sent to any host on the Internet over UDP port 5060.
> If a non-standard port is configured for the SIP proxy, this
> automatic redirection function is disabled.
> Warning: When using m0n0wall's SIP proxy function, don't use
> any other traversal features of your SIP endpoint like STUN.
> Use the m0n0wall's SIP proxy instead as 'outbound SIP proxy'.
> No authentication is required, but the endpoint must reside on
> the local internal network (usually the LAN interface).
> Hopefully the GUI has all the info needed for everyone to configure
> it properly.
> Does it make sense to add this to m0n0wall? Any other developer
> out there looking into other options/solutions?
> I've done only limited testing but it seems to work for my SNOM phone
> and X-Meeting (soft client), both simply configured with fwd.pulver.com and
> e-fon.com as registrar servers. Video is next. I expect some issues here with
> the additional video streams being relayed.
> For troubleshooting, siproxd offers a neat solution for embedded devices like
> m0n0wall: Debugging output via TCP port: Specify a TCP port (e.g. 5000) and
> debug level via 'Services -> SIP Proxy', then connect to m0n0wall port 5000 and
> debug messages are sent over it (netcat output piped to a file works
> of course too).