[Serusers] NAT ping and consumer router

Jiri Kuthan jiri at iptel.org
Wed Aug 25 20:02:18 CEST 2004


At 07:45 PM 8/25/2004, Richard wrote:
>Hi,
>
>I hate to argue with a guru whose product benefits us a lot... :)
>
>Anyway, if you can program your ALG and fix any problem one might have, why
>isn't it a better choice? Some routers give away source code. They are Linux
>kernel 2.4 with netfilter. It tracks various protocols besides SIP. I
>checked their code, it is no different than the methods used in nathelper,
>mangle the ip address embedded in SIP message. I'd think that it is
>definitely better than reducing registration interval, using voice proxy and
>sending pings.

Security does not work -- SIP/TLS will fail.

Secondly, I don't share your optimism that ALG vendors will get
the application logic right. Field experience shows that my pessimistic
attitude is quite realistic. There were even bizarre products that
claimed support for SIP but actually mangled it in a way which broke
all communication. (Till this firewall was removed, SIP was running
at port 5070.)

>Btw, I don't think that one can find a lot of consumer-based routers working
>with NAT ping. 80% of products in the market are based on Linux
>kernel/netfilter which only refreshes binding with outbound traffic and the
>timer for binding is 30 seconds by default.

Thanks -- that's interesting information. Anyhow -- I think that's an argument
for making end-devices resend keep-alives frequently.

-jiri 
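
Added example, not part of the original message: a toy model of the NAT binding behaviour Richard describes (a 30-second timer refreshed only by outbound traffic), comparing server-side NAT pings with keep-alives sent by the end device. The port numbers, the function names and the `refresh_on_inbound` switch are constructed for illustration, and the model assumes a keep-alive is not a re-REGISTER, so the proxy keeps targeting the port it learned at registration.

```python
from dataclasses import dataclass

BINDING_TIMEOUT = 30  # seconds; the netfilter default quoted in the thread


@dataclass
class NatBinding:
    """Toy UDP binding on a consumer router (constructed model, not router code)."""
    refresh_on_inbound: bool = False  # thread's claim: only outbound refreshes
    ext_port: int = 40000             # constructed external port number
    expires_at: int = 0

    def outbound(self, now):
        # Phone -> proxy. An expired binding is replaced by a new external port.
        if now >= self.expires_at and self.expires_at:
            self.ext_port += 1
        self.expires_at = now + BINDING_TIMEOUT
        return self.ext_port

    def inbound(self, now, dst_port):
        # Proxy -> phone. Passes only while the binding it targets is alive.
        if now >= self.expires_at or dst_port != self.ext_port:
            return False
        if self.refresh_on_inbound:
            self.expires_at = now + BINDING_TIMEOUT
        return True


def invite_reaches_phone(call_at, server_ping_every=0, client_keepalive_every=0,
                         refresh_on_inbound=False):
    """REGISTER at t=0; does an INVITE from the proxy at call_at get through?"""
    nat = NatBinding(refresh_on_inbound=refresh_on_inbound)
    registered_port = nat.outbound(0)  # proxy stores this as the contact
    events = []
    if server_ping_every:
        events += [(t, "in") for t in range(server_ping_every, call_at, server_ping_every)]
    if client_keepalive_every:
        events += [(t, "out") for t in range(client_keepalive_every, call_at, client_keepalive_every)]
    for t, direction in sorted(events):
        if direction == "out":
            nat.outbound(t)
        else:
            nat.inbound(t, registered_port)
    return nat.inbound(call_at, registered_port)


if __name__ == "__main__":
    print("server ping 20s :", invite_reaches_phone(120, server_ping_every=20))
    print("client ping 20s :", invite_reaches_phone(120, client_keepalive_every=20))
```

In this model a keep-alive interval longer than the binding timer is as bad as none: the router allocates a new external port, and the contact the proxy stored at registration goes stale.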



