[ previous ] [ next ] [ threads ]
 
 From:  zealot <zealot at tradersguild dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VoIP Conf
 Date:  Mon, 03 May 2004 08:45:01 -0500
Paul Rasmussen wrote:

>>Alex -- are you using a VoIP software phone on your computer, or do 
>>you have an external VoIP box?
>>
>>Here are my rules which I'm using to good success with my Vonage VoIP 
>>box, which is "vox," below.  Let me know if you need to see an example 
>>of traffic shaping to increase the priority of VoIP traffic, I think 
>>I've got that sussed, as well.
>>
>>     <nat>
>>        <rule>
>>            <protocol>udp</protocol>
>>            <external-port>69</external-port>
>>            <target>vox</target>
>>            <local-port>69</local-port>
>>            <descr>VoIP</descr>
>>        </rule>
>>        <rule>
>>            <protocol>udp</protocol>
>>            <external-port>123</external-port>
>>            <target>vox</target>
>>            <local-port>123</local-port>
>>            <descr>VoIP</descr>
>>        </rule>
>>        <rule>
>>            <protocol>udp</protocol>
>>            <external-port>4500</external-port>
>>            <target>twowords</target>
>>            <local-port>4500</local-port>
>>            <descr>VPN traffic</descr>
>>        </rule>
>>        <rule>
>>            <protocol>udp</protocol>
>>            <external-port>5060-5063</external-port>
>>            <target>vox</target>
>>            <local-port>5060</local-port>
>>            <descr>VoIP</descr>
>>        </rule>
>>        <rule>
>>            <protocol>udp</protocol>
>>            <external-port>10000-20000</external-port>
>>            <target>vox</target>
>>            <local-port>10000</local-port>
>>            <descr>VoIP</descr>
>>        </rule>
>>     </nat>
>>
>>[...]
>>
>>     <filter>
>>        <rule>
>>            <interface>wan</interface>
>>            <protocol>udp</protocol>
>>            <source>
>>                <any/>
>>            </source>
>>            <destination>
>>                <address>vox</address>
>>                <port>5060-5063</port>
>>            </destination>
>>            <descr>NAT VoIP</descr>
>>        </rule>
>>        <rule>
>>            <interface>wan</interface>
>>            <protocol>udp</protocol>
>>            <source>
>>                <any/>
>>            </source>
>>            <destination>
>>                <address>vox</address>
>>                <port>123</port>
>>            </destination>
>>            <descr>NAT VoIP</descr>
>>        </rule>
>>        <rule>
>>            <interface>wan</interface>
>>            <protocol>udp</protocol>
>>            <source>
>>                <any/>
>>            </source>
>>            <destination>
>>                <address>vox</address>
>>                <port>69</port>
>>            </destination>
>>            <descr>NAT VoIP</descr>
>>        </rule>
>>        <rule>
>>            <interface>wan</interface>
>>            <protocol>udp</protocol>
>>            <source>
>>                <any/>
>>            </source>
>>            <destination>
>>                <address>vox</address>
>>                <port>10000-20000</port>
>>            </destination>
>>            <descr>NAT VoIP</descr>
>>        </rule>
>>     </filter>
>>
>>
>>Adam
>>
>>-- 
>>Lose your mind and come to your senses.  -Fritz Perls         
>> <adam at baz dot org>
>>
> 
> Hi Adam,
> 
> I'm trying to run VoIP on a Sipura external box but so far it hasn't been
> too successful. I would be greatful for an example of you VoIP traffic
> shapeing.
> 
> Regards,
> Paul

Paul,

With my Sipura SPA-2000 phone adapter and VoicePulse VOIP service, I 
configured m0n0wall with the following NAT settings:

Inbound NAT
-----------
Proto: UDP
Ext. port range: 5060
NAT IP: 10.0.0.199 (change as needed)
Int. port range: 5060

Proto: UDP
Ext. port range: 5061
NAT IP: 10.0.0.199 (change as needed)
Int. port range: 5061

This allows incoming phone calls. Outbound phone calls worked without 
any changes to m0n0wall's default firewall rule set. Add firewall rules 
as needed for your setup.

z