[asterisk-dev] Adding netfilter NATting/ALG support to chan_rtp
BJ Weschke
bweschke at gmail.com
Thu Nov 6 14:20:36 CST 2008
Johansson Olle E wrote:
> 6 nov 2008 kl. 21.01 skrev Tzafrir Cohen:
>
>
>> On Thu, Nov 06, 2008 at 10:20:19AM -0800, Philip Prindeville wrote:
>>
>>> Regarding my bug:
>>>
>>> http://bugs.digium.com/view.php?id=13833
>>>
>>> I just joined the mailing list, so if there's been any discussion
>>> on how
>>> to go about this, can someone bounce me a copy of the thread?
>>>
>>> Anyone put any thoughts into it?
>>>
>
> In the discussions that I had with John at Astridevcon, we where
> discussing
> a generic interface to iptables/ipfw/pf through shell scripts. Might
> be a way to
> avoid licensing issues with iptables/netfilter.
>
> I would recommend reading the doc John refers to in the bug report.
>
>>> I'm not sure what the licensing difficulties are with netfilter.
>>> Qwell: can you explain that please?
>>>
>> Any hope for this to run with Asterisk that does not run as root?
>>
>
>
> I don't think you can be allowed to modify firewall configs without
> being root or having
> root privileges somehow.
>
>
I haven't personally looked at the bug yet on the tracker, but I would think a layer of abstraction would be desirable here so you could do the shell scripts or you could signal a filtering device in front of the host itself (so you could run Asterisk not as 'root' but still afford the same level of protection as what we're talking about here). There was a hardware vendor who used to do this with Asterisk, but they've since gone out of business and the demo unit I bought from them is now a paperweight.
--
Bird's The Word Technologies, Inc.
http://www.btwtech.com/
More information about the asterisk-dev
mailing list