On 06-05 12:40, Juha Heinanen wrote:
Jan Janak writes:
And this is very tricky, that is the reason why there is no such
helper application yet.
are you saying that implementing sip helper for iptables is more
complicated than implementing sip support in firewalls like cisco pix,
firewall one, nortel shasta, intertex, etc. that already have sip
support?
No, it is not more complicated. I am saying that SIP support is
generally tricky. Getting signalling through is easy; the associated media
streams are the hard part.
I do not know the internals of pix etc. So it is hard to say for which
platform it is more complicated.
AFAIK there is no SIP helper yet. And maybe it sounds hard, but I believe that
there will never be one freely available.
The modules for ipchains were just a search and replacement of port numbers and
IPs. And the netfilter team refuses to accept such an incomplete module. They
want a parser for SIP and SDP before they will accept it as an official part of
netfilter.
The hardest part for such a module is that it is not possible to resolve host
names from the kernel space. And every UA is free to use DNS names or IPs in
its SIP requests.
Letting media through the packet filter and connection tracking is also not
easy but should be possible.
Regards
Nils Ohlmeier
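
Added example, not part of the thread and not netfilter code: a user-space C sketch of the SDP step discussed above, pulling the media address and port out of a body and reporting when the connection address is a DNS name that a kernel-space helper could not resolve. The function name, result codes and sample bodies are assumptions made for this illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

enum sdp_result { SDP_OK = 0, SDP_HOSTNAME = 1, SDP_MALFORMED = -1 };

struct media_ep {
    char host[64];        /* connection address exactly as sent in c= */
    struct in_addr addr;  /* filled in only for SDP_OK */
    unsigned port;        /* port from the first m= line */
};

/* Constructed sample bodies (documentation addresses, made-up names). */
static const char SDP_WITH_IP[] =
    "v=0\r\no=alice 1 1 IN IP4 192.0.2.10\r\ns=-\r\n"
    "c=IN IP4 192.0.2.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n";
static const char SDP_WITH_NAME[] =
    "v=0\r\no=bob 1 1 IN IP4 ua.example.com\r\ns=-\r\n"
    "c=IN IP4 ua.example.com\r\nt=0 0\r\nm=audio 40000 RTP/AVP 0\r\n";

/* Find the address/port pair a filter would have to open for media.
   Simplification: only the first c= and first m= line are used. */
enum sdp_result sdp_media_endpoint(const char *sdp, struct media_ep *ep)
{
    int have_c = 0, have_m = 0;
    memset(ep, 0, sizeof(*ep));
    for (const char *line = sdp; line && *line; ) {
        if (!have_c && sscanf(line, "c=IN IP4 %63[^ \r\n/]", ep->host) == 1)
            have_c = 1;
        else if (!have_m && sscanf(line, "m=%*15s %u", &ep->port) == 1)
            have_m = 1;
        line = strchr(line, '\n');   /* advance to the next SDP line */
        if (line)
            line++;
    }
    if (!have_c || !have_m || ep->port == 0 || ep->port > 65535)
        return SDP_MALFORMED;
    /* Numeric address: usable directly. DNS name: needs a resolver,
       which a kernel-space helper does not have. */
    return inet_pton(AF_INET, ep->host, &ep->addr) == 1 ? SDP_OK : SDP_HOSTNAME;
}

int main(void)
{
    struct media_ep ep;
    printf("%d\n", sdp_media_endpoint(SDP_WITH_IP, &ep));
    printf("%d\n", sdp_media_endpoint(SDP_WITH_NAME, &ep));
    return 0;
}
```
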