Is it possible to use ser behind a astaro firewall? Or can Iimplement it on the firewall? greetz
Hans Scheffers JifLin B.V. Leliestraat 7 7151 GH Eibergen
Hello Hans,
hard to say, send us a description of what are you trying to achieve and some description of the firewall.
Jan.
On 03-05 13:11, Hans Scheffers wrote:
Is it possible to use ser behind a astaro firewall? Or can Iimplement it on the firewall? greetz
Hans Scheffers JifLin B.V. Leliestraat 7 7151 GH Eibergen
I have an Astaro Linux Firewall. This firewall blocks everything (what I want :)), and is based on on iptables. In my network I have a sip-phone (hardware & software) that i would like to use to make phone calles using VoIP When I use my Astaro Box, the Sip protocol isn't known on the firewall. I would like to use the SER to register my phone(s) and to place calls through the internet to other VoIP users (and if possible msn users :)
Hans Scheffers JifLin B.V. Leliestraat 7 7151 GH Eibergen
-----Oorspronkelijk bericht----- Van: Jan Janak [mailto:jan@iptel.org] Verzonden: zondag 4 mei 2003 14:36 Aan: Hans Scheffers CC: serusers@lists.iptel.org Onderwerp: Re: [Serusers] Firewall
Hello Hans,
hard to say, send us a description of what are you trying to achieve and some description of the firewall.
Jan.
On 03-05 13:11, Hans Scheffers wrote:
Is it possible to use ser behind a astaro firewall? Or can
Iimplement it
on the firewall? greetz
Hans Scheffers JifLin B.V. Leliestraat 7 7151 GH Eibergen
Hello,
On 05-05 10:17, Hans Scheffers wrote:
I have an Astaro Linux Firewall. This firewall blocks everything (what I want :)), and is based on on iptables. In my network I have a sip-phone (hardware & software) that i would like to use to make phone calles using VoIP When I use my Astaro Box, the Sip protocol isn't known on the firewall. I would like to use the SER to register my phone(s) and to place calls through the internet to other VoIP users (and if possible msn users :)
Getting VoIP that blocks everything is a complex topic. There are several proposals available, none of them works in all situations, though (except Rosenberg's recent ICE draft).
Basically, you can install ser in your NATed network and your SIP phones will be able to register. To make calls to the public internet your either must make your phones to put public IP address of the NAT box into SDP or you will have to use a ser module called nathelper which can mangle those IP addresses at the server. You will also probably need to set up portforwarding of port 5060 on your NAT box.
So, as you see, it is not easy. It depends a lot on your phones. Do they support STUN ? Can they be preconfigured to put public IP of the NAT into SDP ? What phones do you have ?
Jan.
Hans Scheffers JifLin B.V. Leliestraat 7 7151 GH Eibergen
-----Oorspronkelijk bericht----- Van: Jan Janak [mailto:jan@iptel.org] Verzonden: zondag 4 mei 2003 14:36 Aan: Hans Scheffers CC: serusers@lists.iptel.org Onderwerp: Re: [Serusers] Firewall
Hello Hans,
hard to say, send us a description of what are you trying to achieve and some description of the firewall.
Jan.
On 03-05 13:11, Hans Scheffers wrote:
Is it possible to use ser behind a astaro firewall? Or can
Iimplement it
on the firewall? greetz
Hans Scheffers JifLin B.V. Leliestraat 7 7151 GH Eibergen
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
On 06-05 07:54, Juha Heinanen wrote:
Jan Janak writes:
I have an Astaro Linux Firewall. This firewall blocks everything (what I want :)), and is based on on iptables.
if it based on iptables, then the right solution is to write a sip helper application for iptables. everything else is hackery.
And this is very tricky, that is the reason why there is no such helper application yet.
Jan.
But are there developers working on it?
Hans Scheffers JifLin B.V. Leliestraat 7 7151 GH Eibergen
-----Oorspronkelijk bericht----- Van: Jan Janak [mailto:jan@iptel.org] Verzonden: dinsdag 6 mei 2003 11:18 Aan: Juha Heinanen CC: Hans Scheffers; serusers@lists.iptel.org Onderwerp: Re: [Serusers] Firewall
On 06-05 07:54, Juha Heinanen wrote:
Jan Janak writes:
I have an Astaro Linux Firewall. This firewall blocks
everything (what I
want :)), and is based on on iptables.
if it based on iptables, then the right solution is to write a sip helper application for iptables. everything else is hackery.
And this is very tricky, that is the reason why there is no such helper application yet.
Jan.
I am not aware of any. There was an attempt to write such an application for ipchains for 2.2.x kernels, but it was only partially implemented and never ported to 2.4.x iptables.
Probably the easiest solution now is to get a phone with STUN support and set up port forwarding on the NAT box.
Jan.
On 06-05 11:36, Hans Scheffers wrote:
But are there developers working on it?
Hans Scheffers JifLin B.V. Leliestraat 7 7151 GH Eibergen
-----Oorspronkelijk bericht----- Van: Jan Janak [mailto:jan@iptel.org] Verzonden: dinsdag 6 mei 2003 11:18 Aan: Juha Heinanen CC: Hans Scheffers; serusers@lists.iptel.org Onderwerp: Re: [Serusers] Firewall
On 06-05 07:54, Juha Heinanen wrote:
Jan Janak writes:
I have an Astaro Linux Firewall. This firewall blocks
everything (what I
want :)), and is based on on iptables.
if it based on iptables, then the right solution is to write a sip helper application for iptables. everything else is hackery.
And this is very tricky, that is the reason why there is no such helper application yet.
Jan.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hans Scheffers writes:
But are there developers working on it?
i don't know. ask one of the iptables mailing list:
http://www.iptables.org/contact.html#list
-- juha
BTW, are you behind a NAT or just a firewall ?
Jan.
On 06-05 11:36, Hans Scheffers wrote:
But are there developers working on it?
Hans Scheffers JifLin B.V. Leliestraat 7 7151 GH Eibergen
-----Oorspronkelijk bericht----- Van: Jan Janak [mailto:jan@iptel.org] Verzonden: dinsdag 6 mei 2003 11:18 Aan: Juha Heinanen CC: Hans Scheffers; serusers@lists.iptel.org Onderwerp: Re: [Serusers] Firewall
On 06-05 07:54, Juha Heinanen wrote:
Jan Janak writes:
I have an Astaro Linux Firewall. This firewall blocks
everything (what I
want :)), and is based on on iptables.
if it based on iptables, then the right solution is to write a sip helper application for iptables. everything else is hackery.
And this is very tricky, that is the reason why there is no such helper application yet.
Jan.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
NAT, i have one public ip The problem with iptable/ipchains is the way they filter compared to Cisco a.s.o.
Hans Scheffers JifLin B.V. Leliestraat 7 7151 GH Eibergen
-----Oorspronkelijk bericht----- Van: Jan Janak [mailto:jan@iptel.org] Verzonden: dinsdag 6 mei 2003 12:18 Aan: Hans Scheffers CC: serusers@lists.iptel.org Onderwerp: Re: [Serusers] Firewall
BTW, are you behind a NAT or just a firewall ?
Jan.
On 06-05 11:36, Hans Scheffers wrote:
But are there developers working on it?
Hans Scheffers JifLin B.V. Leliestraat 7 7151 GH Eibergen
-----Oorspronkelijk bericht----- Van: Jan Janak [mailto:jan@iptel.org] Verzonden: dinsdag 6 mei 2003 11:18 Aan: Juha Heinanen CC: Hans Scheffers; serusers@lists.iptel.org Onderwerp: Re: [Serusers] Firewall
On 06-05 07:54, Juha Heinanen wrote:
Jan Janak writes:
I have an Astaro Linux Firewall. This firewall blocks
everything (what I
want :)), and is based on on iptables.
if it based on iptables, then the right solution is to
write a sip
helper application for iptables. everything else is hackery.
And this is very tricky, that is the reason why there is no such helper application yet.
Jan.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Jan Janak writes:
And this is very tricky, that is the reason why there is no such helper application yet.
firewall is a firewall and if someone implements one, it also means that the implementer must support all protocols its users need to get through it.
are you saying that implementing sip helper for iptables is more complicated than implementing sip support in firewalls like cisco pix, firewall one, nortel shasta, intertex, etc. that already have sip support.
-- juha
Astaro claims that SIP support is on their roadmap:
http://www.astaro.org/showflat.php?Cat=&Board=UBB2&Number=23082&...
On 06-05 12:40, Juha Heinanen wrote:
Jan Janak writes:
And this is very tricky, that is the reason why there is no such helper application yet.
are you saying that implementing sip helper for iptables is more complicated than implementing sip support in firewalls like cisco pix, firewall one, nortel shasta, intertex, etc. that already have sip support.
No, it is not more complicated. I am saying that SIP support is generally tricky. Getting signalling thought is easy, associated media streams is the hard part.
Jan.
On Tuesday 06 May 2003 12:13, Jan Janak wrote:
On 06-05 12:40, Juha Heinanen wrote:
Jan Janak writes:
And this is very tricky, that is the reason why there is no such helper application yet.
are you saying that implementing sip helper for iptables is more complicated than implementing sip support in firewalls like cisco pix, firewall one, nortel shasta, intertex, etc. that already have sip support.
No, it is not more complicated. I am saying that SIP support is generally tricky. Getting signalling thought is easy, associated media streams is the hard part.
I do not know the internals of pix etc. So it is hard to say for which platform it is more compilcated. AFAIK their is no SIP helper yet. And maybe it sounds hard, but i believe that their will be never one free available. The modules for ipchains was just a search and replacement of port numbers and IPs. And the netfilter team rejects to accept such a uncomplete module. They want a parser for SIP and SDP before they will accpet it as official part of netfilter. The hardest part for such a module is that it is not possible to resolve host names from the kernel space. And every UA is free to use DNS names or IPs in its SIP requests. Letting media trough the packet filter and connection tracking is also not easy but should be possible.
Regards Nils Ohlmeier
I had some initial problems with postgres on the 0.8.10 platform. Core dumps after running for a few days. However, I also had another problem that Jiri pointed out was fixed by a patch in ISSUES. I applied all of the patches and my core dump went away.
This email to report that postgres has been up and stable for a few weeks. No growth in program size, no core dumps.
I'll take another look at the CVS code later this week. I could never get the postgres module stable with the CVS stuff before. When is the official new release? If possible I definitely want the postgres module working for that!
---greg Greg Fausak August.Net Services, LLC greg@august.net
Hello Greg,
we have completed all major changes and will be testing the CVS code now, so it is good time to try to make postgres module stable with the current CVS version.
So we will commit mostly bug fixes now and if everything goes well then the current version + bugfixes will be the new release.
Let me know if you have any problems with the CVS version.
Jan.
On 06-05 08:29, Greg Fausak wrote:
I had some initial problems with postgres on the 0.8.10 platform. Core dumps after running for a few days. However, I also had another problem that Jiri pointed out was fixed by a patch in ISSUES. I applied all of the patches and my core dump went away.
This email to report that postgres has been up and stable for a few weeks. No growth in program size, no core dumps.
I'll take another look at the CVS code later this week. I could never get the postgres module stable with the CVS stuff before. When is the official new release? If possible I definitely want the postgres module working for that!
---greg Greg Fausak August.Net Services, LLC greg@august.net
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Greg Fausak -
Hans Scheffers -
Jan Janak -
Juha Heinanen -
Nils Ohlmeier