Mr Dash Four wrote:
>
>> Alternatively, it's more admin but also more reliable to statically
>> configure everything. Manually configure each SIP device to use a
>> different port for its SIP traffic, and a different port range for
>> its RTP traffic. Configure them with knowledge of their public IP,
>> and manually configure your firewall with all the corresponding NAT
>> mappings.
>>
> THAT is exactly what I have been doing for the past year or so - very
> painful experience, though once done it works for good (well, most of
> the time!). I am also strongly against using STUN as, for me, this is an
> abomination and should never EVER be used.

I agree, STUN is an abomination. However, as long as we have NAT (also an affront to common sense) then we need tools to work around the breakage.

My experience is that, given a well-behaved gateway, STUN is actually highly effective. Where it breaks down is gateways that are designed by people with the strange idea that randomising ports is a good idea. When that happens, the device cannot determine its outside port since it will change between doing STUN and doing VOIP. For that reason I always advise strongly against having anything to do with Zyxel in your network if you also want to do VOIP.

Commercial VOIP providers (we use Gradwell at work) get round these problems by providing NAT proxies that ignore the address/port combinations in the SIP packets and instead look at the actual address/port the SIP and RTP packets come from.

I think you can probably tell what's been driving me nuts for the last few years! When I started 5 years ago, they were just experimenting with VOIP at work - and all the phones were on public IPs outside the firewall because they hadn't (at the time) figured out how to make them work otherwise. Fortunately we had the IPs available because of our hosting services.

--
Simon Hobson
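
The check a provider-side NAT proxy makes, as described in the message above, sketched as an added example that is not part of the original thread or of any provider's code: it compares the Contact address inside a SIP REGISTER with the address/port the packet actually arrived from, and flags the case where a STUN-learned port no longer matches. The function names, verdict strings, sample addresses and the IPv4-literal-only parsing are assumptions for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# RFC 1918 ranges, listed explicitly so documentation addresses count as public.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Matches only IPv4 literals in the Contact URI (assumption for this sketch).
CONTACT_RE = re.compile(r"^Contact:\s*<sip:(?:[^@>]+@)?([0-9.]+)(?::(\d+))?", re.I | re.M)

def register(contact):
    """Build a constructed REGISTER whose Via/Contact advertise `contact` (host:port)."""
    return ("REGISTER sip:voip.example.net SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {contact};branch=z9hG4bK776a\r\n"
            "From: <sip:1001@voip.example.net>;tag=49583\r\n"
            "To: <sip:1001@voip.example.net>\r\n"
            "Call-ID: 843817637684230@phone\r\n"
            "CSeq: 1 REGISTER\r\n"
            f"Contact: <sip:1001@{contact}>\r\n"
            "Content-Length: 0\r\n\r\n")

def classify(msg, src):
    """Compare the advertised Contact with the observed source (ip, port).

    Returns (verdict, reply_target). The reply target is always the observed
    source, which is the NAT-proxy behaviour: trust the packet, not the payload.
    """
    m = CONTACT_RE.search(msg)
    if not m:
        return "no-contact", src
    adv = (m.group(1), int(m.group(2) or 5060))  # 5060 is the SIP default port
    if adv == src:
        verdict = "consistent"            # public IP, or STUN result still valid
    elif adv[0] == src[0]:
        verdict = "port-remapped"         # right IP, but the gateway changed the port
    elif any(ip_address(adv[0]) in net for net in RFC1918):
        verdict = "private-address-advertised"  # device has no idea of its public side
    else:
        verdict = "address-mismatch"
    return verdict, src

if __name__ == "__main__":
    seen = ("203.0.113.7", 51877)  # constructed observed source of the packet
    for contact in ("192.168.1.20:5062", "203.0.113.7:40112", "203.0.113.7:51877"):
        print(contact, "->", classify(register(contact), seen))
```

A steady stream of `port-remapped` verdicts from one site points at a gateway that assigns a fresh outside port per destination, which is the situation where the STUN result is stale by the time the call is set up.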
