[Asterisk-Dev] Uncommon callback

Steve Kann stevek at stevek.com
Mon May 23 07:08:08 MST 2005 

Paul wrote:

> SteveK wrote:
>
>>
>> On May 22, 2005, at 1:45 PM, Paul wrote:
>>
>>>>
>>>> Normally you'd have system #1 forward the call to system #2 itself
>>>> rather than having system #2 call back to #1. It sounds like you're
>>>> trying to work around the fact that system #2 is behind some kind  
>>>> of NAT
>>>> or stupid firewalling.
>>>> If that's the case, you'd do better just to fix that problem at  
>>>> source
>>>> rather than inventing complicated way of working around it. Or if you
>>>> really can't fix it, put up a VPN tunnel between the two machines to
>>>> bypass the firewalling.
>>>>
>>> I use port forwarding over SSH a lot. It's a lot easier than  
>>> modifying routers and firewalls. There are also things like PPP  
>>> over SSH. I googled up a few helpful pages on that one and am going  
>>> to try it out soon for something I want to do.
>>>
>>> To use either of the above for SIP or IAX transport I would do some  
>>> bandwidth testing untunneled and tunneled. I remember seeing some  
>>> comparison charts for vpn methods with bandwidth and latency  
>>> measurements. IIRC - it seemed to indicate some mathods would  
>>> really suck for voip.
>>>
>>
>> You can't tunnel IAX over ssh, because ssh port forwarding is UDP  
>> only.  And you don't really want to tunnel VoIP at all over TCP if  
>> you can avoid it, because if you drop a couple of packets, you end 
>> up  with a lot of latency.  Same goes for PPP over SSH, for the same 
>> reason.
>>
> I use it a lot for simple things like:
>
> Forward 192.168.1.1:8080 back to my localhost:portnumber so I can 
> access a broadband router.
>
> Forward vnc or terminal services ports back so I can get the desktop 
> of a windows workstation.
>
> Forward remote host port 631 to localhost:port so I can access the 
> cups web interface. I modify or setup a printer and then call to see 
> if the test page printed okay.
>
> Do you mean that ssh uses udp to transport the tcp involved in these 
> cases?
>
> I don't dispute that it might not be the best vpn method available. 
> For things not so temporary I usually use router based vpn. Whatever 
> is the best method for tunneling voip, I would hope that some hardware 
> router already supports it. If not, I have some unslung linksys nslu2 
> units here that need to feel useful.


OOPS!  I really meant SSH can only forward TCP.  It doesn't have any 
facility for forwarding UDP.  (I wrote exactly the opposite of what I 
meant!).  Sorry about that!


-SteveK

More information about the asterisk-dev mailing list