Michael Andersson wrote:
> I have just bought
> a voip box that either needs to be in front of my existing
> router(shorewall), or behind it in a dmz, or behind it if my router
> supports symmetric nat. The second option is what I would prefer. I don't
> even know what the third option is.

It only applies if you have more than one public IP address.

> However, looking at the
> documentation it will only explain a solution when I have a separate nic
> for the dmz.

When the documentation for consumer-grade products talks about a DMZ, it bears little or no resemblance to a DMZ as described in the Shorewall documentation. But in both cases, a DMZ involves a separate NIC.

> The voip must have at least 128kb/s in both directions for a satisfying
> sound quality over the phone, but the traffic shaping/control page
> doesn't mention if this is possible to achieve with a dmz, or I might not
> understand it completely.

Only your ISP can guarantee a level of service for inbound traffic. Shorewall traffic shaping can ensure that your voip traffic gets 128kbs outbound, with or without a DMZ.

> My local network is in the 192.168.0.0 subnet and the voip box will be
> on 192.168.1.0 subnet, will this cause any trouble?

Depends on how you configure your IP network. Without adding another NIC, you can configure two IP addresses on your internal interface -- the current one in the 192.168.0.0 network and a second one in the 192.168.1.0 network. That second address must be the default gateway configured for the voip device.

> So is it possible to have a dmz and a non dmz network sharing the same
> nic on the shorewall machine?

By definition, no. Can you make it work with a single NIC? Probably -- just make your last entry in the rules file a DNAT rule that forwards all untracked inbound traffic to your voip device.

> And is it possible to do the kind of shaping I want on the dmz?

Yes. Again, DMZ or no DMZ makes no difference.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
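The single-NIC suggestion in the reply above depends on the catch-all DNAT rule being the final entry of the rules file. The following check is an added example, not part of the original message or of Shorewall: it parses a rules file and reports when the unrestricted DNAT rule is missing, is not last, or points outside 192.168.1.0/24. The zone names, the device address 192.168.1.2 and the sample rules are constructed assumptions.

```python
import ipaddress

VOIP_NET = ipaddress.ip_network("192.168.1.0/24")  # VoIP subnet from the thread
WILDCARD = {"", "-", "all"}  # PROTO values that place no restriction

# Constructed sample, columns: ACTION SOURCE DEST PROTO DPORT.
# Zone names and the address 192.168.1.2 are assumptions.
SAMPLE_RULES = """\
ACCEPT  loc  $FW               tcp  22
DNAT    net  loc:192.168.0.10  tcp  80
DNAT    net  loc:192.168.1.2
"""

def parse_rules(text):
    """Return (line_no, fields) per rule, skipping comments and SECTION lines."""
    rules = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if fields and fields[0].lstrip("?") != "SECTION":
            rules.append((no, fields))
    return rules

def is_catch_all_dnat(fields):
    """True for a DNAT rule whose PROTO column is omitted, '-' or 'all'."""
    proto = fields[3].lower() if len(fields) > 3 else ""
    return fields[0] == "DNAT" and len(fields) >= 3 and proto in WILDCARD

def dnat_target(fields):
    """IP address from a DEST such as 'loc:192.168.1.2', or None if absent/invalid."""
    parts = fields[2].split(":")
    try:
        return ipaddress.ip_address(parts[1])
    except (IndexError, ValueError):
        return None

def check_rules(text):
    """Return findings; an empty list means the file matches the advice."""
    rules = parse_rules(text)
    hits = [i for i, (_, f) in enumerate(rules) if is_catch_all_dnat(f)]
    if not hits:
        return ["no catch-all DNAT rule found"]
    findings = []
    line_no, fields = rules[hits[0]]
    if hits[0] != len(rules) - 1:
        findings.append(f"line {line_no}: catch-all DNAT is not the last entry")
    target = dnat_target(fields)
    if target is None or target not in VOIP_NET:
        findings.append(f"line {line_no}: target {target} is outside {VOIP_NET}")
    return findings
```

Calling `check_rules(SAMPLE_RULES)` returns an empty list; reordering the sample so the unrestricted DNAT line comes first produces a "not the last entry" finding.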
