The Vonage RT31P2 does not talk H.323, and it's not necessary to do anything other than plain vanilla NAT to have it work through a firewall. That is, no port forwarding, no SIP payload re-writing, etc. Just plain vanilla NAT for both the SIP signaling and the RTP payload will be all that's necessary.

I use ipfw with my Vonage service, but there's nothing special that I do for NAT. I don't do ipf..

Louis Mamakos


Vladimir Botka wrote:
Hello,
if your "Vonage linksys RT31P2" talks H323 try /usr/ports/net/gatekeeper in proxy mode.

Cheers,
Vladimir Botka

On Sun, 12 Jun 2005, Damon Hopkins wrote:

I can reproduce this very easily.. I pick up my phone and make a call
Current Setup
<Cable Modem>---<FreeBSD 5.4 Stable>---<HUB>--<Machines>
                                        \------<Vonage Linksys RT31P2>

I've tried various nap rules and ipf filter settings.. here are the
current mappings and setup.. the kernel is GENERIC w/ the debuggong
stuff put in it.
---------------- IPNAT RULES --------------------
map vr0 10.69.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map vr0 10.69.0.0/24 -> 0/32

----------------- IPF RULES ---------------------
pass in quick on lo0 proto tcp from any to any flags S keep state
pass in quick on lo0 proto udp from any to any keep state
pass in quick on lo0 proto icmp from any to any keep state
pass in quick on lo0 all keep state
pass out quick on lo0 proto tcp from any to any flags S keep state
pass out quick on lo0 proto udp from any to any keep state
pass out quick on lo0 proto icmp from any to any keep state
pass out quick on lo0 all keep state

pass in quick on rl0 proto tcp from any to any flags S keep state
pass in log first quick on rl0 proto udp from any to any keep state
pass in log first quick on rl0 proto icmp from any to any keep state keep frags
pass in quick on rl0 all keep state
pass out quick on rl0 proto tcp from any to any flags S keep state
pass out log first quick on rl0 proto udp from any to any keep state
pass out log first quick on rl0 proto icmp from any to any keep state
keep frags
pass out quick on rl0 all keep state

pass in quick on vr0 proto tcp from any to any flags S keep state keep frags
pass in quick on vr0 proto udp from any to any keep state keep frags
pass in log first quick on vr0 proto icmp from any to any keep state
keep frags
pass in quick on vr0 all keep state keep frags
pass out quick on vr0 proto tcp from any to any flags S keep state keep
frags
pass out quick on vr0 proto udp from any to any keep state keep frags
pass out log first quick on vr0 proto icmp from any to any keep state
keep frags
pass out quick on vr0 all keep state keep frags

pass in quick on ng0 proto tcp from any to any flags S keep state
pass in quick on ng0 proto udp from any to any keep state
pass in log first quick on ng0 proto icmp from any to any keep state
pass in quick on ng0 all keep state
pass out quick on ng0 proto tcp from any to any flags S keep state
pass out quick on ng0 proto udp from any to any keep state
pass out log first quick on ng0 proto icmp from any to any keep state
pass out quick on ng0 all keep state

<SNIP> MORE ng rules form my other VPNS </SNIP>
I've also just tried to pass everything
pass in quick on vr0 all
pass out quick on vr0 all

but that didn't help any

I've notices a lot of UDP traffic from the linksys adapter durring a phone call..

Thanks Guys.. I hope this gets fixes real fast cause my old number goes away in a few days and this is not going to be fun.. I can't put the linksys adapter in front of the firewall because it doesn't route my VPN's.. we use MPD and bgpd (zebra)


Later,
Damon Hopkins

------------- DEBUG OUTPUT ----------------------
Fatal trap 12: page fault while in kernel mode
fault virtual address    = 0xc
fault code        = supervisor read, page not present
instruction pointer    = 0x8:0xc0651550
stack pointer        = 0x10:0xd3d46aec
frame pointer        = 0x10:0xd3d46af8
code segment        = base 0x0, limit 0xfffffm type 0x1b
            = DPL 0, pres 1, def32 1, gran 1
processor eflags    = interrupt enabled, resume, IOPL = 0
current process        = 27 (swi1:net)
[thread pid 27 tid 100021 ]
Stopped at m_copydata+0x28:    movl    0xc(%esi),%eax
db> examine
m_copydata+0x28:    290c468b
db> trace
Tracing pid 27 tid 100021 td 0xc15a4180
mcopydata(c17fa400,0,38,c193abc0,0) at m_copydata+0x28
ipllog(0,d3d46bc8,d3d46b50,d3d46b48,d3d46b40) at ipllog+0x1f1
ipflog(105819,c17fa450,d3d46bc8,c17fa400,0) at ipflog+0x18f
fr_check(c17fa450,14,c16c6000,0,d3d46c70) at fr_check+0xc6c
fr_check_wrapper(0,d3d46c70,c16c6000,1,0) at fr_check_wrapper+0x2a
pfil_run_hooks(c08fa5c0,d3d46cbc,c16c600,1,0) at pfil_run_hooks+0xeb
ip_input(c17fa400) at ip_input+0x211
netisr_processqueue(c08f9858) at netisr_processqueue+0x9f
swi_net(0) at swi_net+0xee
ithread_loop(c159a500,d3d46d38) at ithread_loop+0x151
fork_exit(c0609f4c,c159a500,d3d46d38) at fork_exit+0x74
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xd3d46d6c, ebp = 0 ---

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"



_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to