[asterisk-dev] Adding netfilter NATting/ALG support to chan_rtp

[Johansson Olle E]

6 nov 2008 kl. 21.20 skrev BJ Weschke:

> Johansson Olle E wrote:
>> 6 nov 2008 kl. 21.01 skrev Tzafrir Cohen:
>>
>>
>>> On Thu, Nov 06, 2008 at 10:20:19AM -0800, Philip Prindeville wrote:
>>>
>>>> Regarding my bug:
>>>>
>>>> http://bugs.digium.com/view.php?id=13833
>>>>
>>>> I just joined the mailing list, so if there's been any discussion
>>>> on how
>>>> to go about this, can someone bounce me a copy of the thread?
>>>>
>>>> Anyone put any thoughts into it?
>>>>
>>
>> In the discussions that I had with John at Astridevcon, we where
>> discussing
>> a generic interface to iptables/ipfw/pf through shell scripts. Might
>> be a way to
>> avoid licensing issues with iptables/netfilter.
>>
>> I would recommend reading the doc John refers to in the bug report.
>>
>>>> I'm not sure what the licensing difficulties are with netfilter.
>>>> Qwell:  can you explain that please?
>>>>
>>> Any hope for this to run with Asterisk that does not run as root?
>>>
>>
>>
>> I don't think you can be allowed to modify firewall configs without
>> being root or having
>> root privileges somehow.
>>
>>
> I haven't personally looked at the bug yet on the tracker, but I  
> would think a layer of abstraction would be desirable here so you  
> could do the shell scripts or you could signal a filtering device in  
> front of the host itself (so you could run Asterisk not as 'root'  
> but still afford the same level of protection as what we're talking  
> about here). There was a hardware vendor who used to do this with  
> Asterisk, but they've since gone out of business and the demo unit I  
> bought from them is now a paperweight.
>
Go to the bugtracker, follow John's reference and check his document.  
You will be surprised. And hopefully filled with lust to code.

/O