>> = answers ...
I guess the first question is, do you need to have any of your devices accessible directly from the Internet? >> Yes, the Phone Server needs to be seen from the internet, for, say, IP phones out on the internet or remote administration of the server. The manufacturer - Inter-tel - is specific about what TCP/UDP, etc., ports need to be opened.
Otherwise, you can use static NAT. I haven't done it yet myself, but you should be able to use the /32 mask to map straight to that address. >> I've set this up, but it just won't 'talk.' I am forwarding the programming on the server itself to Inter-tel so they can verify THAT part is programmed correctly.
Regarding TCP & SMTP, etc. >> I've got a pretty good grasp of this part, I am CTP certified, believe it or not.
In your situation, if you're creating a static NAT, I would imagine you'd need it to be "any" (TCP or UDP) and "any" (type of traffic, e.g. SMTP or HTTP). >> I was assuming that a 1:1 NAT does just that - all ports are open, maybe not.
Since you want VoIP traffic to have priority, you can use the Traffic Shaper functionality of m0n0wall to prioritize the traffic. Use the magic shaper wizard and assign a DHCP address to the phone/converter box, and give that IP higher priority in the shaper. >> This will be the next step for me, but when I figure this out, I'll be very happy. To get around the bottleneck at the WAN connection/firewall, up to now, I've put a 'phone card' on a public switch in front of the firewall, literally. For instance - DSL modem Ethernet port plugs into a 5-port switch -- I plug the firewall into this on a static IP, then the phone card, then the phone CPU, etc. --- there were not many worries about hackers since it is only a card (maybe denial of service, but unlikely) - however, in this scenario there is no QoS at all - my VoIP traffic is just dumped into the river per se. If I can get to a point with tunneling or such where I can say the Phone card/server has priority or a certain amount of bandwidth reserved, that would be fantastic. Typically, my accounts are set up with a partial T-1 768k or a T-1 vs DSL or cable.
The web GUI is easy enough to set up and is unrelated to the above. Enable it by going to System->General Setup, and select "HTTPS" for webGUI protocol (the best option). Then enter a username and password twice above it. Then Save and Apply Changes. >> Easy for you to say!