Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
SDN 101: An Introduction to Software Defined Networking
Discover the advantages of SDN.
SDN has quickly become one of the hottest trends in IT. But not all SDN solutions offer real software-defined functionality. As more enterprises consider SDN, they want to know, “What is SDN? And what are the real benefits?” If you're ready to explore the advantages of SDN, and want to know how it should be implemented within your enterprise, start by reading our introductory white paper.
Click Here to receive this Complete Guide absolutely free.
My company recently moved from a business DSL line to a T1 w/ VOIP package from Broadview. In our old setup the DSL came into our firewall (a RedHat 9 box) on eth0 and our local network was attached to a switch behind eth1. With the new setup, however, Broadview wants us to put the Cisco2431-8FXS router they've provided us on the same switch that the firewall and local network machines are attached to. Obviously this isn't a terribly secure setup. Since they haven't been much help with alternative setups, I've tried a few of my own and getting the computers behind the firewall isn't a problem, but the Mitel phones are a bit more complicated.
First I tried to use proxy arp on our firewall to respond for the Broadview router IP the phones use as a gatway. With this setup if I configure my computer with an IP within the phones subnet I can ping the Broadview router, and I can ping the server the phones seem to be registering with (lets call it the phone server), but I can only ping the phone server, no ports seem to be open on it, including the TFTP service that the phones use once they get an IP. I think this might be solveable if I could retrieve and address for the phones via DHCP, however, I installed dhcrelay on the firewall and although it relays the phones DHCP discover request, neither the Broadview router nor the phone server will reply. What I'd like to do is configure our firewall to simply rebroadcast DHCP traffic between eth0 and eth1 unchanged, but if that's possible, I haven't been able to find a way.
Second attempt was to assign the phones addresses within our local subnet and then masquerade them as addresses within the phone subnet. After some packet sniffing I worked out the proper DHCP options to get the phones to accept a DHCP offer, but once again, no ability to contact the phone server for TFTP.
My guess is that the "phone server" will not respond to any IP it hasn't assigned via DHCP, but it also will not respond to relayed DHCP requests, most likely because they are non broadcast traffic with a source address outside of it's acceptable range. At this point I can't even think of what the next thing to try is. As a last resort I might add 2 additional NICs to the firewall, bridge them, and filter traffic using ebtables, but I would also like to be able to move some of these phones offsite and use them over a VPN tunnel, and a bridge will make that more complicated (I'd need separate tunnels at each offsite location for phone and data I think). Any suggestions would be greatly appreciated and thanks for taking the time to look this over.
I can't speak for using Mitel phones, but its my understanding that most VoIP phones expect a special option within the DHCP scope that defines the address of the tftp server the phone will contact for its config info after the IP stack comes up. When using Cisco VoIP phones, its option 150. Maybe the Mitel ip phones are expecting a similar option within the DHCP reply.
Example: from a cisco router configured as DHCP server at a home office. This same router connects into corporate network via VPN. So the home office IP phone can download its config via tftp and register with Call Manager.
ip dhcp pool IP-Phones
network 192.168.64.16 255.255.255.248
dns-server 10.22.22.10 10.33.33.10
option 150 ip 10.44.44.10 10.44.44.11
Thanks, I had actually used a packet sniffer to view the options getting sent to the phones and configured them in my DHCP server, but I appreciate the tip.
I think I've got it now and here is how I got it to work for posterity:
The trick seems to be using dhcp-forwarder rather than dhcrelay. The dhcrelay program was setting my routers internal address in the giaddr field of the relayed DHCP request, which the Broadview DHCP server didn't see as valid. Once I configured that via dhcp-forwarder to a giaddr of an IP within the subnet the phones operate on, and I bound the giaddr IP I used to the external NIC on my firewall, the relay started to work. That coupled with proxy arp seems to have the phone traffic traversing my firewall without a problem. Now it's on to step 2, getting the phones to work from remote locations over VPN...