[Asterisk-Users] Firewall will definately increasejitters inyourvoice conversation

Tim Connolly tim at timsnet.com
Sat Aug 13 15:34:06 MST 2005


On that note... IPSec tunnels seem to reek havoc on the echo
canceling/training process. Anytime our Cisco PIX loads up, the echo
complaints start coming in. Stay away from the IPSec tunnels. 

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Chris Travers
Sent: Saturday, August 13, 2005 5:18 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [Asterisk-Users] Firewall will definately increasejitters
inyourvoice conversation

Rich Adamson wrote:

>That's a crack of crap sold by the marketing (not sales) people selling
>firewalls. "If" you know what you're doing, one can very easily secure any
>linux system to function on the Internet (etc) without a firewall. It all
>depends on your level of knowledge/skills on how to disable those items
>that are not really needed in your environment. Start with a 'netstat -a'
>to identify those ports that are listening, and shut those items down that
>you don't want exposed.
>
>You "can" do the same for any MS system as well.
>
>  
>
But you still want a firewall here especially if you have several VOIP 
systems which could be making independent connections to the internet.  
The firewall in this case will hopefully not only do things like VPN for 
securing your data in trasit between your office and a remote one, but 
it will also provide a platform for QoS/traffic shaping.  To avoid the 
firewall here is actually *asking* for sound quality problems in 
addition to the fact that you no longer have the entrence point to your 
network secured.

Now to your point....  Almost any Linux system can be configured (if you 
know what you are doing) to perform all these firewalling functions.  
Just add an extra network card, put it on the perimeter of your network, 
set up iptables, traffic shaping, uninstall unnecessary software, use 
Netstat to doublecheck listening ports, etc. and you have your 
firewall.  A firewall doesn't have to be expensive but some form of 
perimiter control is very helpful in these cases.

Best Wishes,
Chris Travers
Metatron Technology Consulting




More information about the asterisk-users mailing list