[zorp] Any plans for SIP support

[Bal...@mail.balabit.hu]

On Tue, Mar 13, 2001 at 03:50:17PM -0600, Igor S. Livshits wrote:
> Hi,
>
> Do you folks have any plans to support a media firewall based on SIP
> signaling? FYI, you may find the SIP RFC at
> <http://www.tec.informatik.uni-rostock.de/IuK/resources/rfcs/rfc2543.html>.

We don't have SIP in our plans, though anything reasonable can be added to
that list. What is SIP good for, and how do you think it could be
implemented on a firewall?

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1

[Ig...@mail.balabit.hu]

At 10:24 AM +0100 on 3/14/01, Balazs Scheidler wrote:
>What is SIP good for, and how do you think it could be
>implemented on a firewall?

SIP is a signaling protocol for media streams (e.g., voice over RTP).
An ideal implementation would include the following ingredients:

1. Open incoming port 5060 (standard SIP port)

2. Dynamic opening and closing of channels for media streams
(RTP/RTCP) as negotiated by SIP messages

3. NAT for both SIP and media

4. Rewriting of SIP payloads to correspond to NAT (i.e., a
special-purpose slim SIP proxy)

For some examples, take a look at the Cisco PIX "sip fixup" [payload
adjustment lacking], Aravox media firewall coupled with a dynamicsoft
firewall control proxy, the offering from Microappliances
<http://www.microappliances.com/applications/ALG/alg.html> [limited
information on functionality], and the Linux SIP masquerade module
<http://www.siphappens.com/masquerade/draft-biggs-sip-nat-00.txt>.

Thanks, Igor

[Ig...@mail.balabit.hu]

Hi,

Do you folks have any plans to support a media firewall based on SIP
signaling? FYI, you may find the SIP RFC at
<http://www.tec.informatik.uni-rostock.de/IuK/resources/rfcs/rfc2543.html>.

Thanks, Igor