On Tue, 14 Aug 2007 16:32:20 +0200, Hans-Werner Hilse wrote:
> Hi,
>
> On Tue, 14 Aug 2007 13:53:51 +0000 (UTC) Mateus Interciso
> <[EMAIL PROTECTED]> wrote:
>
>> Ok, so my ISP gives me just one IP, as you have already guessed, and
>> yes, probably I did mix up a lot of stuff, and I'm terribly sorry for
>> this.
>
> Oh, that's just fine for me, it's probably yourself you've caused some
> troubles and headaches.
>
>> I really don't need a bridge, as long as I can find a way to fix the
>> VoIP, I thought of the bridge because the win2k3 had it enabled for
>> routing the packages, it picked up on one side the internet connection
>> with a valid ip 200.*.*.* and on another NIC it had the internal
>> network (at that time 192.168.0.1/28), and it built a bridge (if I
>> remember right, using the 192.168.0.1 IP) and we connected to the
>> bridge, and the bridge was routing the packages from internal, to
>> external.
>
> Hm, I'd really wonder if that's what's called a bridge in Windows. That
> sounds like simple routing, easy to set up in Windows using the
> "Internet Sharing" options (which basically adds forwarding to the
> Internet interface -- you could do that with a registry hack, too) and
> add a simple DHCP server on the LAN side. Windows also has regular
> bridges and under certain circumstances sets up those automatically. But
> that's enough OT talk, this is Gentoo :-)
>
>> Of course I could be wrong, since I wasn't the guy who made this, and
>> since we needed a firewall, better than the w2k3, we put the gentoo
>> box, and I NATed the connection. So, basically, this is it.
>
> You'll have to continue using NAT. Drop all bridge-related configuration
> (i.e. keep away from brctl), configure the external interface to forward
> connections.
>
> Then you have to care for incoming connections. For a good SIP setup
> with more than one SIP client, I'd highly suggest looking at SIP proxies
> like siproxd. For one SIP client in the internal LAN you basically need
> to map incoming connections on the relevant port (5060, I think) on
> the Router/Firewall PC to that internal client. If extensions or other
> protocols come into play, you should absolutely look for proxies for
> those protocols.
>
> Since there's only one IP, you have no bridging options and all your
> computers in the LAN have to look like one machine to the outside. You
> _have_ to use port forwarding or proxying.
>
> Feel free to ask further specific questions!
>
> -hwh

Ok, thanks a lot, this for sure cleared a lot of troubles I was having on
my head. But for the SIP stuff, I have just one client, built the firewall
using fwbuilder (sometimes it is easier), and for instance here's the SIP
part on the nat table:

0 0 DNAT udp -- any any anywhere 200.*.*.* udp dpt:5060 to:10.0.0.112

Is this wrong? Because the strange thing is that it works for some places,
but not for others, and we really didn't have these issues with w2k3 routing
stuff.

--
[EMAIL PROTECTED] mailing list
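
The single-IP NAT and port forwarding described in the quoted reply, written out as a generator for an iptables-restore ruleset. This is an added example, not part of either poster's message; the interface names (eth0, eth1), the LAN prefix 10.0.0.0/24 and the filter-table policies are assumptions, and only UDP 5060 to 10.0.0.112, the values quoted in the thread, is forwarded.

```shell
# Added example, not from the thread. Interface names and the LAN prefix are
# assumptions; UDP 5060 and 10.0.0.112 are the values quoted in the thread.
# Check the result before loading it:
#   sip_nat_rules eth0 eth1 10.0.0.0/24 10.0.0.112 | iptables-restore --test
sip_nat_rules() {
    [ "$#" -eq 4 ] || { echo "usage: sip_nat_rules EXT_IF INT_IF LAN_CIDR SIP_CLIENT" >&2; return 2; }
    ext_if=$1 int_if=$2 lan=$3 client=$4
    # Accept only digits and dots for the forward target, so a masked or
    # mistyped address (e.g. 200.*.*.*) never ends up in a DNAT rule.
    case $client in
        *[!0-9.]*|''|.*|*.|*..*) echo "bad client address: $client" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Incoming SIP signalling on the public side goes to the one internal client.
-A PREROUTING -i $ext_if -p udp --dport 5060 -j DNAT --to-destination $client
# Every LAN host leaves through the single public address.
-A POSTROUTING -s $lan -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumption: the firewall itself is managed from the LAN side only.
-A INPUT -i $int_if -s $lan -j ACCEPT
# Replies to flows that are already tracked, then LAN to Internet.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $lan -j ACCEPT
# The DNATed SIP traffic; anything else inbound hits the DROP policy.
-A FORWARD -i $ext_if -o $int_if -p udp -d $client --dport 5060 -j ACCEPT
COMMIT
EOF
}
```

Loading the output with iptables-restore replaces the existing nat and filter tables, so merge any rules generated by fwbuilder before applying it.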