[ previous ] [ next ] [ threads ]
 From:  "Brent Cook" <bcook at networklogistic dot com>
 To:  "Peter Allgeyer" <allgeyer at web dot de>, <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] SIP/tftp protocol fixup
 Date:  Wed, 25 May 2005 18:39:45 -0500
Is TFTP just used to boot the phones? Why not store the phone-boot image
locally on the firewall and run a local TFTP server? The phones would
boot a lot faster, assuming that you're using a tunneled VPN connection
to a central office to talk to the call processor.

-----Original Message-----
From: Peter Allgeyer [mailto:allgeyer at web dot de] 
Sent: Wednesday, May 25, 2005 5:45 PM
To: m0n0wall dash dev at lists dot m0n0 dot ch
Subject: Re: [m0n0wall-dev] SIP/tftp protocol fixup

Am Mittwoch, den 25.05.2005, 17:11 -0500 schrieb Christian Oswald:

> Maybe being able to adjust the UDP ack timeout to a number manually
> instead of it being set to a fixed 240 seconds.
Hmm, from 1.2b3 release notes:
* filter UDP ack timeout is now 240 instead of 24 seconds to make SIP 
  work properly

There should be a way to change this parameter, either through the GUI
or as hidden option in config.xml. This would help to better accommodate
the firewall with the SIP phones.

> The issue I have seen is that the monowall will not pass tftp traffic
> through NAT. Just as Peter stated, with voip becoming more popular, I
> truly believe there should be a fixup for tftp in the monowall. 

This point is much more complicated. Someone has to patch ipfilter (or
any other filtering software) for this. Exempt commercial products,
netfilter is the only free filtering software I know supporting tftp
connection tracking. An alternativ is a tftp-proxy, but I'm not sure if
we want to see the whole traffic going through userland (apart from
that, I'm not aware of the existence of any tftp-proxy). In the
meantime, you could try jftpd (see [1]) as tftp server.

Ciao ...
	... PIT ...

[1] http://freshmeat.net/projects/jtftp/

 copyleft(c) by |   _-_     snafu = Situation Normal All F%$*ed up
 Peter Allgeyer | 0(o_o)0

To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch