 From:  "Quark IT - Hilton Travis" <Hilton at quarkit dot com dot au>
 To:  "Chris Bagnall" <m0n0wall at minotaur dot cc>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Asterisk behind DMZ w/ traffic shaper
 Date:  Mon, 22 Aug 2005 12:09:56 +1000
Hi Chris,

> -----Original Message-----
> From: Chris Bagnall [mailto:m0n0wall at minotaur dot cc] 
> Sent: Monday, 22 August 2005 11:36
> Hilton,
> > By "cleared up" I hope you don't mean "totally removed" as 
> > these will probably be handy to see as well, if they are 
> > manual rules, not Magic Shaper ones.  These rules obviously 
> > interact with the VOIP rules to provide the solution that you 
> > have implemented.
> Actually, the copy of the rules I posted to the list includes 
> my P2P rules from home. I generally don't use them at client 
> sites (they're offices where all PCs are configured by us and 
> the software on them is monitored pretty closely, so P2P isn't 
> a problem). At home I don't want to stop P2P, I just want to 
> prevent it sucking up all my bandwidth.

We're looking at getting a lot more seriously involved with VOIP here.
I've been using Skype since it was first available, Gizmo (a Skype-like
SIP program) and various VOIP services (including Free World Dialup)
personally, but nothing much really more than a "toy" as such.  (I have,
however, been heavily involved with H.323 video conferencing over the
years.)  We're looking at installing an Asterisk server here at the
office (home office) to get more familiar with both Asterisk and VOIP,
so the P2P rules will be helpful (for my flatmate's computer).  We'd
move to a "real" office if we could justify the expense, but since 99%
of what we do is onsite, there's no real need and we're set up quite
nicely at home.  :)

I also have a BSD webserver box that's hosted in the USA that I am
considering installing Asterisk on.  It has gobs of bandwidth and I was
thinking that maybe we could use this as a gateway, have the Asterisk
server here pipe everything through that server (therefore enabling
trunking, reducing our office bandwidth) and from there it would break
out to the other end of the call.  If this was feasible, we could also
allow our clients to use this to assist in reducing their bandwidth and
traffic usage as both bandwidth and traffic are generally quite
expensive in Australia compared to some of the more civilized countries.

If this box became bogged down due to heavy VOIP usage, we could easily
migrate the VOIP to a gruntier box at the same location.

There are a few half-decent looking Australian SIP VOIP suppliers that I
would consider using with the Asterisk server to enable PC to Phone
calls.  But the number of SIP/VOIP suppliers in Australia isn't that

We generally monitor the software on our clients' PCs quite closely as
well and wouldn't consider P2P traffic to be an issue at any of our
client sites.  Of course, if you had a "frat house" as a client, this
may well be a different situation.

> > Do you implement a local Asterisk server at these client 
> > locations or do you connect only to an off-site Asterisk 
> > gateway?
> At client sites we tend to deploy full asterisk servers. For 
> smaller clients it's quite useful to have a linux box on-site 
> anyway (quite often the asterisk server is the only one), 
> since that can be used in a cron+rsync setup for remote 
> backups as well, and saves using some proprietary windows
> software.

We generally deal with the SMB marketplace, so we're generally
installing Microsoft Windows SBS 2003 boxen at these sites.  The SBS
version of "ntbackup" is quite decent so we very, very rarely need 3rd
party (expensive) backup software.  Were we able to implement an Asterisk
VOIP solution for these clients, I'm sure that a Linux/BSD box could
easily make it onsite.  Any new machine these days should have ample
power to be an Asterisk server.

> Generally the IP phones or softphones - usually a combination 
> of both communicate SIP with the local asterisk server. These 
> are on the same subnet so there are no horrible NAT issues to 
> deal with (one of SIP's biggest problem areas). We then 
> configure an IAX <-> PSTN gateway from those boxes, as well 
> as linking them with asterisk in our own office for free 
> calls to/from our clients.

I totally understand having the IP phones on the same network as the
softphones and this, obviously, being on the same network as the
Asterisk server.  I have no wish to suffer the torture that is NATting
SIP - even though it is a **lot** easier than trying to do it with
H.323.  I remember trying to get H.323 devices functioning on corporate
networks a few years back.

The idea of allowing free calls from/to your clients is nice.  This
would be handy for us as we have a few clients (and likely getting more)
that are in a different area code, therefore the call costs can start
climbing, and I'd prefer to give as little money to Tel$tra as is
legally possible.

> I see you added me to your Skype list - feel free to get in 
> touch if you want a hand or an explanation of the stuff I 
> posted.

Yeah, Skype.  I don't like the idea of its P2P-style of operation nor
its proprietary protocol, but it is a tool, after all, and you use what
is available.  Hopefully soon I'll be able to IAX you instead of Skyping
you!  (I do have a UK National Local Call number - have a look at
http://www.voipuser.org/.  :)

> Regards,
> Chris
> -- 
> C.M. Bagnall, Director, Minotaur I.T. Limited
> Tel: (07010) 710715   Mobile: (07811) 332969   Skype: minotaur-uk
> ICQ: 13350579   AIM: MinotaurUK   MSN: msn at minotaur dot cc   Y!: 
> Minotaur_Chris
> This email is made from 100% recycled electrons



Hilton Travis                          Phone: +61 (0)7 3344 3889
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager, Quark IT                      http://www.quarkit.com.au
         Quark AudioVisual             http://www.quarkav.net

http://www.threatcode.com/ <-- it's now time to shame poor coders 
into writing code that is acceptable for use on today's networks

War doesn't determine who is right.  War determines who is left.

This document and any attachments are for the intended recipient 
  only.  It may contain confidential, privileged or copyright 
     material which must not be disclosed or distributed.