 From:  Brian <belstsrv at nauticom dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VoIP use DMZ or not?
 Date:  Wed, 09 Feb 2005 11:07:10 -0500
What I've done in the past was to assign a static LAN IP to the ATA. 
Then set up your shaping rules to prioritize the traffic to/from that 
local IP.  That saves the trouble of trying to figure out what ports the 
VoIP traffic is running on.  My provider uses random ports for the voice 
traffic, so I had to do it that way.

Hope that helps,
Brian

Boris Rudoy wrote:
> 
>>Boris,
>>
>>It depends upon what you hope to achieve, and how much fiddling you are
>>willing to do. I have an Asterisk based VOIP phone system in my home
>>office, although in the past I have used Vonage and the associated ATA.
>>Which provider have you selected?
> 
> 
> I have started to use SunRocket (http://sunrocket.com)
> 
> They provide a Telco Systems Access211 VoIP device. As I saw in the
> specification, it uses SIP
> 
> http://www.kandk.fi/mp/db/file_library/x/IMG/10983/file/Access211.pdf
> 
> Actually, no port forwarding is required for this device configured with a
> private IP.
> 
> So all I need is to set up the traffic shaper to dedicate a piece of
> bandwidth for VoIP.
> 
> Thank you for the recommendation
> 
>>Vonage and many other VOIP providers like VoicePulse, SIPPhone,
>>Broadvox, etc provide an analogue terminal adapter (ATA) that is
>>essentially a SIP to analogue FXS gateway. Early on Vonage provided
>>Cisco ATA-186s, but they now provide Motorola units. Some companies
>>provide Sipura SPA-1000/2000 boxes that are essentially the same thing.
>>
>>The thing to look for is if the ATA provides network pass-through with
>>QoS management. The Motorola units do, the Sipura do not. The Motorola
>>device is designed to be upstream of your entire network and take care
>>of the QoS issue for the VOIP sessions entirely internally. You can
>>still place them after your m0n0wall, but you'd then have to make
>>certain that m0n0 is also set up for the appropriate traffic shaping.
>>
>>With an ATA like the Sipura you simply port forward all the requisite
>>ports for SIP, which can be quite a few, to the device. Since SIP
>>handles call setup and teardown signalling separate from the call
>>datastream you end up forwarding ports 5060 & 5061 for call signalling
>>and 10000-10003 for RTP sessions. That presumes a dual port device as
>>such would require no more than 4 RTP streams at one time; one per
>>call, in each direction.
>>
>>The voip-wiki at www.voip-info.org has a lot of info about this stuff.
>>
>>In any case I wouldn't DMZ the ATA device. You'd be opening it up to a
>>host of exploits from the outside, including attempts to hack what are
>>normally web based administrative functions.
>>
>>Michael Graves
>>
>>On Tue, 8 Feb 2005 16:05:33 -0500, Boris Rudoy wrote:
>>
>>
>>>Sorry if this is a newcomer question :-)
>>>I am adding VoIP to my network. Actually, the provider recommends installing it
>>>before the router, but I don't think it is a good idea. Now it works well as
>>>a standard network device with a local IP, so I have the option to keep it
>>>connected to the switch with a local IP or add one more network card in
>>>m0n0wall, configure a DMZ and set up the "gizmo" in DMZ mode.
>>>Which way is better? I think I will want to set up the traffic shaper for
>>>a dedicated pipe for VoIP. So will I have any advantage within a DMZ
>>>configuration?
>>>
>>>Boris
>
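
An added example, not part of any poster's message: it models the two points made in this thread, that DMZ placement exposes the ATA's web administration while the listed port forwards do not, and that a shaper rule keyed on the ATA's static IP still matches when the provider uses random voice ports. All addresses, the ATA service list, the flow records and the function names are constructed assumptions, and "DMZ mode" is modelled as forwarding every port to the device.

```python
# Added illustration. Addresses, the ATA's service list and the flows are constructed.
from dataclasses import dataclass

ATA_IP = "192.168.1.50"  # assumed static LAN address given to the ATA

@dataclass(frozen=True)
class Forward:
    proto: str   # "udp", "tcp" or "any"
    lo: int      # first WAN port forwarded
    hi: int      # last WAN port forwarded

# Ports named in the thread: SIP signalling 5060-5061, RTP 10000-10003.
PORT_FORWARDS = [Forward("udp", 5060, 5061), Forward("udp", 10000, 10003)]
# Placing the device in "DMZ mode", modelled as every port forwarded to it.
DMZ_MODE = [Forward("any", 1, 65535)]

# Constructed list of what the ATA listens on, including its web admin UI.
ATA_SERVICES = [("udp", 5060, "sip"), ("udp", 10000, "rtp"), ("tcp", 80, "web-admin")]

def exposed(forwards, services=ATA_SERVICES):
    """Names of ATA services reachable from the WAN under these forwards."""
    return sorted(name for proto, port, name in services
                  if any(f.proto in (proto, "any") and f.lo <= port <= f.hi
                         for f in forwards))

def match_by_port(flow, ports=range(10000, 10004)):
    """Shaper rule keyed on the expected RTP port range."""
    return flow["sport"] in ports or flow["dport"] in ports

def match_by_host(flow, host=ATA_IP):
    """Shaper rule keyed on the ATA's static LAN address."""
    return host in (flow["src"], flow["dst"])

# Constructed flows: the provider negotiates random RTP ports, and an
# unrelated PC connection happens to use a source port inside 10000-10003.
FLOWS = [
    {"name": "voice", "src": ATA_IP, "sport": 23418, "dst": "203.0.113.10", "dport": 31002},
    {"name": "pc-web", "src": "192.168.1.20", "sport": 10001, "dst": "198.51.100.7", "dport": 443},
]

def prioritized(rule, flows=FLOWS):
    """Names of the flows that a given shaper rule would place in the priority queue."""
    return [f["name"] for f in flows if rule(f)]

if __name__ == "__main__":
    print("port forwards expose:", exposed(PORT_FORWARDS))
    print("DMZ mode exposes:    ", exposed(DMZ_MODE))
    print("shaped by port:", prioritized(match_by_port))
    print("shaped by host:", prioritized(match_by_host))
```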