[ previous ] [ next ] [ threads ]
 From:  "David Drysdale" <david dot drysdale at vision dash networking dot ca>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Sip VoIP with no DMZ
 Date:  Mon, 18 Oct 2004 12:40:53 -0300
I am testing monowall for a remote office running a SIP mitel 5055 VoIP
phone. I like monowall because of it traffic shaping options. I found very
good documentation in the mailing list archives about that.


But I am experiencing a problem I can't solve yet. I have a warp board with
only two nic cards and no DMZ. Can I run the VoIP phone in the LAN? I have
had it working with a linksis router and have forwarded the ports required.
But we only get one way calls now that we have the monowall firewall. 


This is what my supplier tells me.


The Mitel SIP phone is behind a remote, NATing firewall with a private IP
address.  If that's the case the remote firewall must be SIP-capable.
NATing or Portforwarding solutions simply won't work (with the exception of
1-to-1 NATing).  You'll get one-way audio.

You can portforward and/or NAT the call setup, and even the RTP, but the SIP
packets themselves will not reach the calling end, as the SIP headers from
the phone will still contain a non-routable IP address.  This is a problem
universal to SIP.



From you archives other people have had SIP working with monowall. But all I
could find had a dmz. Do any of you know of another way to use it? Could I
use 1-to-1 nat with only one public IP? Thanks in advance for the help.