In our lab we have a RH7.3 box with iptables firewall and NAT. When we were
initially testing the nathelper module we found out that external pings did
NOT keep the sessions alive on this box. Only pings going from inside
towards the internet. At that point we decided to simply rely on the
ability of devices like the ATA186 and GS phones to send a SIP Dummy packet
from behind the NAT in order to keep the sessions alive. So far this
approach has worked 100%. It is possible that the Linux box just needed
some tweaking, but we needed a solution that worked seamlessly with all
customers.

I believe we also tested another common broadband home router and it behaved
the same way.

Regards,
Andres

----- Original Message -----
From: "Jan Janak" <jan(a)iptel.org>
To: "Hans Eriksson" <hansa(a)mac.com>
Cc: "Klaus Darilion" <darilion(a)ict.tuwien.ac.at>;
<serusers(a)lists.iptel.org>
Sent: Thursday, December 04, 2003 3:09 PM
Subject: Re: [Serusers] symmetric nat/ broadband routers

On 04-12 18:12, Hans Eriksson wrote:
> Klaus,
> Many commercial grade firewalls do not keep sessions alive, regardless
> of external pings, so it won't work in rather too many cases.

Which firewalls behave this way, do you have any particular in mind?
What makes you think that many firewalls require traffic from inside to
keep the mapping open?

Jan.