To add to the discussion, I currently am a Vonage customer, using a mostly vanilla Bering setup. Currently (although could change later) I have my ATA on the same network as my other PCs. It hasn't caused any problems that I've found, and Bering has done an excellent job. One thing I did do (mostly preemptive) was to forward a specific set of ports (per Vonage documentation) to the ATA.
Those ports are : 5060,5061,53,69,10000:20000 Additionally, the line that I added in my shorewall rules configuration was this : lrcfg -> option 3 -> shorewall option -> option 6 #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL # PORT PORT(S) DEST DNAT net loc:192.168.1.200 udp 5060,5061,53,69,10000:20000 - <public IP> I found the MAC of the ATA and gave it a dedicated IP address for simplicity and being able to track it. Another thing that I found is that I needed to setup a bit of ToS in order to continue offering my internal FTP site. That rule is as follows : lrcfg -> option 3 -> shorewall option -> option 16 #SOURCE DEST PROTOCOL SOURCE PORTS DEST PORTS TOS loc:192.168.1.200 all udp - - 16 loc:192.168.1.200 all udp - - 8 loc:192.168.1.200 all udp - - 2 It might be a bit redundant to have all three rules, but it seems to have worked pretty good. I received an updated package for the htb.init scripts, that I haven't tested yet, but once I do I'll post the results from that. I'd like to add that Vonage has been an excellent provider. I have not had any downtime with it, except due to a power loss (apartment maintenance). If anyone is planning on going to use Vonage, let me know. Their referall bonus is excellent. Both people get a free month of service. Before anyone signs up, allow me to forwrad a referral to you so we can both get a free month (sorry for the blatant plug). Hope any of the above was useful. Joey -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Doug Hite Sent: Saturday, March 13, 2004 12:08 PM To: [EMAIL PROTECTED] Subject: [leaf-user] Re: Vonage and Bering Just to add to this discussion - I too am investigating this option. There has been some discussion of Vonage on the Shorewall mailing lists - you can search them at shorewall.net - keyword "vonage". Looks like users on that list have gotten it to work - and a listing of the rules can be found there. Also you may want to check out http://www.voicepulse.com/default.aspx This is the other company I have heard mentioned on /. Not as much information on firewalls, but they use a different phone, so maybe its more "NAT friendly". Not as much coverage though if having a local number is wanted. I'm wondering if a 3 nic DMZ setup would be in order for a home deployment of this - where the only device in the DMZ was the phone. Might that reduce some of the security issues ? Doug ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=ick ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html