 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] SIP/tftp protocol fixup
 Date:  Thu, 26 May 2005 00:45:23 +0200
On Wednesday, 25.05.2005, at 17:11 -0500, Christian Oswald wrote:

> Maybe being able to adjust the UDP ack timeout to a number manually
> instead of it being set to a fixed 240 seconds.

Hmm, from 1.2b3 release notes:
* filter UDP ack timeout is now 240 instead of 24 seconds to make SIP 
  work properly

There should be a way to change this parameter, either through the GUI
or as a hidden option in config.xml. This would help to better accommodate
the firewall with the SIP phones.

> The issue I have seen is that the monowall will not pass tftp traffic
> through NAT. Just as Peter stated, with voip becoming more popular, I
> truly believe there should be a fixup for tftp in the monowall. 

This point is much more complicated. Someone has to patch ipfilter (or
any other filtering software) for this. Except for commercial products,
netfilter is the only free filtering software I know supporting tftp
connection tracking. An alternative is a tftp-proxy, but I'm not sure if
we want to see the whole traffic going through userland (apart from
that, I'm not aware of the existence of any tftp-proxy). In the
meantime, you could try jftpd (see [1]) as tftp server.

Ciao ...
	... PIT ...

[1] http://freshmeat.net/projects/jtftp/

 copyleft(c) by |   _-_     snafu = Situation Normal All F%$*ed up
 Peter Allgeyer | 0(o_o)0