Wiley Siler
2005-Aug-15 13:31 UTC
[Asterisk-Users] Firewall will definatelyincreasejitters inyourvoice conversation
Do you mean this occurs when traffic is passed over an IPSec tunnel or that it occurs anytime a tunnel is use on a machine that also is passing VoIP traffic (outside the tunnel)? I assume you must mean over the tunnel but I am curious... Thanks, Wiley -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Tim Connolly Sent: Saturday, August 13, 2005 3:34 PM To: 'Asterisk Users Mailing List - Non-Commercial Discussion' Subject: RE: [Asterisk-Users] Firewall will definatelyincreasejitters inyourvoice conversation On that note... IPSec tunnels seem to reek havoc on the echo canceling/training process. Anytime our Cisco PIX loads up, the echo complaints start coming in. Stay away from the IPSec tunnels. -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Chris Travers Sent: Saturday, August 13, 2005 5:18 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Firewall will definately increasejitters inyourvoice conversation Rich Adamson wrote:>That's a crack of crap sold by the marketing (not sales) people selling>firewalls. "If" you know what you're doing, one can very easily secure >any linux system to function on the Internet (etc) without a firewall. >It all depends on your level of knowledge/skills on how to disable >those items that are not really needed in your environment. Start witha 'netstat -a'>to identify those ports that are listening, and shut those items down >that you don't want exposed. > >You "can" do the same for any MS system as well. > > >But you still want a firewall here especially if you have several VOIP systems which could be making independent connections to the internet. The firewall in this case will hopefully not only do things like VPN for securing your data in trasit between your office and a remote one, but it will also provide a platform for QoS/traffic shaping. To avoid the firewall here is actually *asking* for sound quality problems in addition to the fact that you no longer have the entrence point to your network secured. Now to your point.... Almost any Linux system can be configured (if you know what you are doing) to perform all these firewalling functions. Just add an extra network card, put it on the perimeter of your network, set up iptables, traffic shaping, uninstall unnecessary software, use Netstat to doublecheck listening ports, etc. and you have your firewall. A firewall doesn't have to be expensive but some form of perimiter control is very helpful in these cases. Best Wishes, Chris Travers Metatron Technology Consulting _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Possibly Parallel Threads
Wisdom of the Ancients
