On 9 May 2001, Jones Olatunji wrote:

> I have a network behind a firewall from which I would like to enable some of my clients to use some internet phone devices like yapgear and infoacel card. My firewall is on my gateway, which is on a RHlinux machine, implemented with ipchains for NAT.
>
> I was told putting my clients on a public IP will solve my problem, i.e. outside my firewall. This I don't want to, considering the security risk; hence I am planning to try port forwarding with ipchains to see if I can get around this.
>
> Has anybody done this before? I am not too familiar with VOIP either; how can I find out what port to use?

VoIP uses a very complex signalling (sure, it's based on ISDN specs...), allocates ports dynamically, embeds them in the packet data etc. The traffic is in effect un-NAT'table, un-firewallable (effectively; you have to basically allow all >1024 UDP or so) and un-portforwardable.

Commercial implementations that do this do exist. One solution for Linux might be setting up a H.323 proxy in the firewall; this should work from behind NAT at least. See http://www.linuxtelephony.org for some pointers.

--
Pekka Savola                  "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
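
The reply's point about ports being allocated dynamically and embedded in the packet data, as an added example that is not part of the original message: a toy model comparing header-only NAT with a signalling-aware proxy that rewrites the embedded address and opens a single pinhole per call. The text `OPEN-MEDIA` message is a hypothetical stand-in for the binary H.323 signalling, and all names and addresses are constructed.

```python
# Toy model (constructed): header-only NAT vs. a signalling-aware proxy.
# "OPEN-MEDIA <ip> <port>" is a hypothetical stand-in for H.323 signalling.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"  # firewall's outside address (documentation range)

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: str = ""

def plain_nat_out(pkt):
    """Masquerading rewrites the IP header only; the payload is untouched."""
    return Packet(PUBLIC_IP, pkt.sport, pkt.dst, pkt.dport, pkt.payload)

def media_target(signalling):
    """Where the remote phone will send audio, according to the payload."""
    _, ip, port = signalling.payload.split()
    return ip, int(port)

@dataclass
class SignallingProxy:
    """Rewrites the embedded media address and opens one pinhole per call."""
    pinholes: dict = field(default_factory=dict)  # public port -> (ip, port)
    next_port: int = 40000

    def outbound(self, pkt):
        verb, ip, port = pkt.payload.split()
        public_port = self.next_port
        self.next_port += 1
        self.pinholes[public_port] = (ip, int(port))
        return Packet(PUBLIC_IP, pkt.sport, pkt.dst, pkt.dport,
                      f"{verb} {PUBLIC_IP} {public_port}")

    def inbound(self, pkt):
        """Forward media only when it matches a negotiated pinhole."""
        target = self.pinholes.get(pkt.dport)
        if pkt.dst != PUBLIC_IP or target is None:
            return None  # dropped: no blanket ">1024 UDP" rule is needed
        return Packet(pkt.src, pkt.sport, target[0], target[1], pkt.payload)
```

With header-only NAT the remote side is still told to send media to the private address, which is why the alternative is allowing the whole high UDP range; the proxy limits exposure to the ports actually negotiated.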