VoIP and IPFW
Forrest Aldrich
forrie at forrie.com
Wed Sep 8 17:17:21 PDT 2004
I see. I had imagined some traffic shaping and QoS necessities to
manage the service (on the FreeBSD box, though I don't know how it's QoS
works yet). I'd also be concerned about general security.
Jason George wrote:
>Subject: Re: VoIP and IPFW
>To: forrie at forrie.com
>Cc:
>
>
>
>>I'm also speaking of specific ipfw configuration to support this
>>functionality (QoS, traffic shaping, etc)...
>>
>>
>>
>>
>
>I have the Vonage box behind my OpenBSD pf firewall. "It just works".
>
>The box grabs a DHCP address and then initiates a UDP connection to
>the server at the Vonage end. Every 14 seconds, the box "polls"
>the head-end.
>
>dew# tcpdump -i le1 host 192.168.4.11
>tcpdump: listening on le1
>16:44:40.790962 216.115.25.20.5061 > 192.168.4.11.5061: udp 478 (DF)
>16:44:54.795825 192.168.4.11.5061 > 216.115.25.20.5061: udp 633
>16:44:54.884601 216.115.25.20.5061 > 192.168.4.11.5061: udp 479 (DF)
>16:45:08.896124 192.168.4.11.5061 > 216.115.25.20.5061: udp 633
>16:45:08.984711 216.115.25.20.5061 > 192.168.4.11.5061: udp 479 (DF)
>16:45:22.996351 192.168.4.11.5061 > 216.115.25.20.5061: udp 632
>16:45:23.121386 216.115.25.20.5061 > 192.168.4.11.5061: udp 478 (DF)
>16:45:37.129823 192.168.4.11.5061 > 216.115.25.20.5061: udp 633
>16:45:37.218418 216.115.25.20.5061 > 192.168.4.11.5061: udp 479 (DF)
>16:45:51.230049 192.168.4.11.5061 > 216.115.25.20.5061: udp 632
>16:45:51.425216 192.168.4.11.5061 > 216.115.25.20.5061: udp 632
>16:45:51.645703 216.115.25.20.5061 > 192.168.4.11.5061: udp 478 (DF)
>16:45:51.650558 216.115.25.20.5061 > 192.168.4.11.5061: udp 478 (DF)
>16:46:05.646906 192.168.4.11.5061 > 216.115.25.20.5061: udp 633
>16:46:05.735910 216.115.25.20.5061 > 192.168.4.11.5061: udp 479 (DF)
>16:46:19.747073 192.168.4.11.5061 > 216.115.25.20.5061: udp 633
>16:46:19.849489 216.115.25.20.5061 > 192.168.4.11.5061: udp 479 (DF)
>^C
>
>If an incoming call occurs, apparently the control message then causes
>The box to initiate an outbound connection for the actual call completion.
>
>16:47:29.997893 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.017540 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>16:47:30.017803 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.038034 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.038671 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>16:47:30.056087 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>16:47:30.057945 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.075550 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>16:47:30.078019 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.096761 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>16:47:30.098179 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.117632 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>16:47:30.118223 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.138180 192.168.4.11.10000 > 216.18.39.148.15974: udp 172
>16:47:30.138571 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>16:47:30.154673 216.18.39.148.15974 > 192.168.4.11.10000: udp 172 (DF)
>
>
>I actually haven't made any pf configuration changes, but I will be putting
>in a QoS policy to guarantee ~100kbit/sec for the Vonage service. I
>had some complaints about the quality of my voice at the far end when I was
>uploading or emailing large attachments. (I'm using the highest-quality
>setting on a 4Mbit/~400kbit down/up cablemodem connection.)
>
>Otherwise, on an unloaded link, it's just fine.
>
>I hope this helps...I don't have any specific IPFW settigs...sorry!
>
>--J
>===
>Jason B. George, P.Eng., PMP - JGeorge at ResourceChain.com
>ResourceChain Inc. - Project Consulting
>(403) 703-5476 Cell (403) 668-0117 Office
>
>
>
>
More information about the freebsd-net
mailing list