 From:  "Boris Rudoy" <boris at rudoy dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] VoIP use DMZ or not?
 Date:  Wed, 9 Feb 2005 10:46:04 -0500
> Boris,
> It depends upon what you hope to achieve, and how much fiddling you are
> willing to do. I have an Asterisk based VOIP phone system in my home
> office, although in the past I have used Vonage and the associated ATA.
> Which provider have you selected?

I have started to use SunRocket (http://sunrocket.com).

They provide a Telco Systems Access211 VoIP device. As I have seen in the
specification, it uses SIP.


Actually no port forwarding required for this device configured with private

So, all I need is to set up the traffic shaper to dedicate a piece of
bandwidth for VoIP.

Thank you for the recommendation.

> Vonage and many other VOIP providers like VoicePulse, SIPPhone,
> Broadvox, etc provide an analogue terminal adapter (ATA) that is
> essentially a SIP to analogue FXS gateway. Early on Vonage provided
> Cisco ATA-186s, but they now provide Motorola units. Some companies
> provide Sipura SPA-1000/2000 boxes that are essentially the same thing.
> The thing to look for is if the ATA provides network pass-through with
> QoS management. The Motorola units do, the Sipura do not. The Motorola
> device is designed to be upstream of your entire network and take care
> of the QoS issue for the VOIP sessions entirely internally. You can
> still place them after your m0n0wall, but you'd then have to make
> certain that m0n0 is also set up for the appropriate traffic shaping.
> With an ATA like the Sipura you simply port forward all the requisite
> ports for SIP, which can be quite a few, to the device. Since SIP
> handles call setup and teardown signalling separate from the call
> datastream you end up forwarding ports 5060 & 5061 for call signalling
> and 10000-10003 for RTP sessions. That presumes a dual port device as
> such would require no more than 4 RTP streams at one time; one per
> call, in each direction.
> The voip-wiki at www.voip-info.org has a lot of info about this stuff.
> In any case I wouldn't DMZ the ATA device. You'd be opening it up to a
> host of exploits from the outside, including attempts to hack what are
> normally web based administrative functions.
> Michael Graves
> On Tue, 8 Feb 2005 16:05:33 -0500, Boris Rudoy wrote:
> >Sorry  if this is a newcomer question :-)
> >I am adding VoIP to my network. Actually the provider recommends installing it
> >before the router, but I don't think it is a good idea. Now it works well as a
> >standard network device with a local IP, so I have the option to keep it
> >connected to the switch with a local IP or add one more network card in
> >m0n0wall, configure a DMZ and set up the "gizmo" in DMZ mode.
> >Which way is better? I think I will want to set up the traffic shaper for
> >a dedicated pipe for VoIP. So will I have any advantage with a DMZ
> >configuration?
> >
> >Boris