Iptables breaks a working VoIP phone?

Shane Hathaway shane at hathawaymix.org
Tue Oct 30 17:10:11 MDT 2007

Kenneth Burgener wrote:
> Do you think there is a
> possibility that BroadVoice would give me the admin password to their
> hardware?

I imagine not, because that's their lock-in strategy.  I used a
SunRocket gizmo for a week, and it turns out they were pretty cunning:

- The default configuration (after you push the reset button) is not
functional and only retrieves a replacement configuration from a URL.
- The configuration information was encrypted using RC4 with a secret
key, probably involving the device's serial number.
- Once configured, the device hid the configuration from me.
- Although I could gain administrator access by pushing the reset button
while shielding the device from the Internet, I could not find out my
SIP password to register with SunRocket.

I returned the gizmo right away after discovering that SunRocket sees
its customers as adversaries.  I imagine BroadVoice does similar tricks.

> 1. The firewall box was the oldest box I had lying around, so it isn't
> beefy.  Doesn't the audio encoding consume quite a bit of processing
> power? (That is if I can solve #3)

I don't think so.  When I run a conference call with 4 participants on
Asterisk, it has to decode and encode a stream for each of the 4
connections, yet the whole conference consumes a whopping 2% of the CPU.
 The CPU is an AMD64 3000.

> 2. The Sipura ATA required ZERO configuration to get my analog phones to
> just work.  The Asterisk box will require configuring and tuning.
> (Which is more of an inconvenience than a problem)

Very true.  Asterisk has its own configuration language that you'd have
to decipher.  OTOH, it's surprisingly fun to play with phones, like
making your telephone answer with an official-sounding "Nobody here but
us chickens."  Also, Asterisk is a good way to tap into incredibly
inexpensive VOIP options such as:


Your best option right now is probably to dig in with tcpdump /
wireshark and see the SIP messages directly.  Note that SIP looks a lot
like HTTP, so it's easy to read.  Once you're armed with the SIP
headers, you'll be able to ask the right questions on the Shorewall
mailing lists.
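
An added example, not part of the message above: a small Python reader for SIP text as printed by a capture such as `tcpdump -n -A udp port 5060`, splitting it the way one would split HTTP and listing private addresses advertised in Via, Contact and SDP `c=` lines. The sample message and all its values are constructed, and checking for private addresses is an assumption about what is commonly worth reporting when a firewall or NAT is in the path; the thread does not say that is the cause here.

```python
import ipaddress
import re

# Constructed sample (every name and address is made up): a REGISTER as an
# ATA behind a NAT firewall might send it.
SAMPLE = (
    "REGISTER sip:sip.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:5551234@sip.example.net>;tag=1928301774\r\n"
    "To: <sip:5551234@sip.example.net>\r\n"
    "Call-ID: a84b4c76e66710@192.168.1.50\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:5551234@192.168.1.50:5060>\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

COMPACT = {"v": "via", "m": "contact"}  # RFC 3261 compact header names
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def parse_sip(text):
    """Split a SIP message into (start line, headers, body), HTTP-style."""
    head, _, body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers.setdefault(COMPACT.get(name, name), []).append(value.strip())
    return lines[0], headers, body

def private_addrs(text):
    """Return (field, address) pairs where a private/non-global IPv4 is advertised."""
    _, headers, body = parse_sip(text)
    fields = [(n, v) for n in ("via", "contact") for v in headers.get(n, [])]
    fields += [("sdp c=", l) for l in body.splitlines() if l.startswith("c=")]
    found = []
    for field, value in fields:
        for candidate in IPV4.findall(value):
            try:
                if ipaddress.ip_address(candidate).is_private:
                    found.append((field, candidate))
            except ValueError:  # looks like an address but is not one
                pass
    return found

if __name__ == "__main__":
    print(parse_sip(SAMPLE)[0])
    for field, addr in private_addrs(SAMPLE):
        print(f"{field}: {addr} is not routable from the provider's side")
```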

