[Asterisk-Users] Firewall will definately
increasejitters inyourvoice conversation
Tim Connolly
tim at timsnet.com
Sat Aug 13 15:34:06 MST 2005
On that note... IPSec tunnels seem to reek havoc on the echo
canceling/training process. Anytime our Cisco PIX loads up, the echo
complaints start coming in. Stay away from the IPSec tunnels.
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Chris Travers
Sent: Saturday, August 13, 2005 5:18 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [Asterisk-Users] Firewall will definately increasejitters
inyourvoice conversation
Rich Adamson wrote:
>That's a crack of crap sold by the marketing (not sales) people selling
>firewalls. "If" you know what you're doing, one can very easily secure any
>linux system to function on the Internet (etc) without a firewall. It all
>depends on your level of knowledge/skills on how to disable those items
>that are not really needed in your environment. Start with a 'netstat -a'
>to identify those ports that are listening, and shut those items down that
>you don't want exposed.
>
>You "can" do the same for any MS system as well.
>
>
>
But you still want a firewall here especially if you have several VOIP
systems which could be making independent connections to the internet.
The firewall in this case will hopefully not only do things like VPN for
securing your data in trasit between your office and a remote one, but
it will also provide a platform for QoS/traffic shaping. To avoid the
firewall here is actually *asking* for sound quality problems in
addition to the fact that you no longer have the entrence point to your
network secured.
Now to your point.... Almost any Linux system can be configured (if you
know what you are doing) to perform all these firewalling functions.
Just add an extra network card, put it on the perimeter of your network,
set up iptables, traffic shaping, uninstall unnecessary software, use
Netstat to doublecheck listening ports, etc. and you have your
firewall. A firewall doesn't have to be expensive but some form of
perimiter control is very helpful in these cases.
Best Wishes,
Chris Travers
Metatron Technology Consulting
More information about the asterisk-users
mailing list