[plug] help with SIP/RTP protocol

W.Kenworthy billk at iinet.net.au
Sat Apr 1 17:17:54 WST 2006 

I have not used that one, but xtenphone and twinkle (and a linksys PAP2
device) all allow you to set a range of ports + the SIP port (which you
just need to accept on the firewall machine, for me I use 5060, and
7070-7079 - all locked via iptables to the iinet server for WA) and then
specify the firewall IP address and set NAT on in the VoIP application.
Keepalives then keep the SIP channel open.  No need to port fwd or
anything else on the firewall as normal NAT then works.

A more flexible approach is to run asterix on the firewall so it talks
to its peers directly, and use extensions internally - this is the
approach I want to use but while I can peer with iinetphone, I have not
worked out the extension part yet!

BillK



On Sat, 2006-04-01 at 05:19 +0800, Jon Miller wrote:
> Yes it is, there is a application call MyNetFone that I cannot get RTP to get past firewall.
> 
> Jon
> 
> >>> billk at iinet.net.au 8:04:47 pm 31/03/2006 >>>
> Can of worms!  Is it RTP audio streaming, VoIP, ...
> 
> Both can be 'difficult' if RTP is dynamically allocating ports.
> 
> BillK
> 
> 
> On Sat, 2006-04-01 at 11:22 +0800, Jon Miller wrote:
> > I need to get RTP to go both ways thru our firewall (Debian 3.1 iptables).
> > I have constructed the following, but it is not working.
> > I can see the packets coming from the workstation on the LAN, but I cannot see RTP between the firewall and the router.  I'm sure the firewall is restricting or filtering this out.
> > I've constructed the OUTPUT rule to be something like 
> > $IPT -A OUTPUT -i $INT_IFACE -p udp --sport 49152:65535 -j ACCEPT$IPT -A OUTPUT -i $INT_IFACE -p udp --sport 7824 -j ACCEPT
> > 
> > The INPUT rule is something like:
> > $IPT -A INPUT -i $EXT_IFACE -p udp --sport 49152:65535 -j ACCEPT
> > $IPT -A INPUT -i $EXT_IFACE -p udp --sport 7824 -j ACCEPT
> > 
> > Does this look right?
> > 
> > 
> > Thanks
> > _______________________________________________
> > PLUG discussion list: plug at plug.org.au
> > http://www.plug.org.au/mailman/listinfo/plug
> > Committee e-mail: committee at plug.linux.org.au
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au

More information about the plug mailing list