Re: netfilter & SIP

On 09/28/2007 07:32 PM, Miss Terre wrote:
In article <96dvs4x3dn.ln2@xxxxxxxxxxxxxxxx>,
bsd.SANSPAM@xxxxxxxxxxxxxxxxx says...
On 09/28/2007 06:59 PM, Miss Terre wrote:
In article <87zlz7ylgt.fsf@xxxxxxxx>, Mark.Carroll@xxxxxxxxxx says...
Miss Terre <Miss@xxxxxx> writes:

is there a patch for netfilter regarding the SIP protocol (for telephony
in VOIP).
It seems there is, but, I can not find it.
Any suggestions ?
What do you want the patch to do? What feature are you missing?

(You know about things like CONFIG_IP_NF_SIP? If it's a NAT issue,
recent kernels have SIP-aware stuff, though I think the earlier attempts
were a bit flaky.)

Mark

Great !
This effectively concerns the NAT issue. How make a PC behind a linux
firewall with MASQUERADING working with X-lite ?
I'll dig this !
thanks a lot.
The X-lite and many other good SIP clients/servers can also use STUN for
traversing UDP datagrams/packets over NAT.

My goal is to make X-lite (under windows, on a PC behind the firewall)
be able to work through the linux firewall, with no modification (as
possible) on the windows client.

You need not modify anything on any machine, think that you don't even
have control over these; just configure your X-Lite to use some
publically available stun server.

Would STUN help for this ?

Yes.

I must admit I didn't know STUN.

Tsk, tsk! try Wikipedia http://en.wikipedia.org/wiki/STUN

<blah>
In case STUN does not serve your purpose well and, or you still are
interested to go by netfilter route, the http://www.iptel.org/sipalg/
page could be quite handy.

I have:
[bsd@cto ~]$ grep SIP=. /usr/src/linux-2.6.22.8/.config
CONFIG_NF_CONNTRACK_SIP=m
CONFIG_NF_NAT_SIP=m
</blah>

--
Dr Balwinder S "bsd" Dheeman Registered Linux User: #229709
Anu'z Linux@HOME Machines: #168573, 170593, 259192
Chandigarh, UT, 160062, India Gentoo, Fedora, Debian/FreeBSD/XP
Home: http://cto.homelinux.net/~bsd/ Visit: http://counter.li.org/
.

Relevant Pages

  • Re: netfilter & SIP
    ... This effectively concerns the NAT issue. ... firewall with MASQUERADING working with X-lite? ... My goal is to make X-lite (under windows, on a PC behind the firewall) ... Would STUN help for this? ...
    (comp.os.linux.networking)
  • Re: home network behind NAT and firewall ?
    ... >> real Firewall appliance with more than 20 systems at any given time. ... >> firewall provides for the ability to assign both public (not nat) and ... that would reset the router and allow remote control - it was noted ... >> LAN inside their network and it would never have to reach the ISP's ...
    (comp.security.firewalls)
  • Re: NAT vs. True Firewalls
    ... not just mean packet filter. ... A firewall can be made up of one or more ... components that can block or filter protocol traffic between two networks. ... So a NAT can be as much part of a firewall implementation as the ...
    (comp.security.firewalls)
  • Re: 56k dial up on laptop 802.11G ?
    ... NAT is not FW software. ... > firewall is literally anything that defends your network against ... >>By comparing the way NAT functions between two networks, ... >>And I consider the FW appliance to out class the packet filtering NAT ...
    (alt.internet.wireless)
  • EBS 2008, TMG and external firewall. Dont want double NAT
    ... the internal interface of the security server. ... accessible through the external IP (whilst NAT is still turned on as is ... I forward from the firewall to the internal interface it works (external ... apparently this does use the publishing rule for acceptance of the ...
    (microsoft.public.windows.server.sbs)