VOIP Service Unpredictable

VOIP setup and troubleshooting
Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: VOIP Service Unpredictable

Post by Dazzled » Thu May 27, 2010 9:48 am

mzc181, what you describe has to be done whenever an ATA is put behind a NAT router. Of the two methods, DMZ is usually the easiest, as it opens up the entire ATA interface to the internet in one hit, completely disabling the router iptables firewall for that device. Never let a Windows computer lie behind a DMZ, ie, don't use the ATA as a second ordinary home router or switch if behind a DMZ. You get away with an ATA DMZ because probing what amounts to an unresponsive telephone has little interest for the black hats.

ant333
Posts: 27
Joined: Tue Oct 14, 2008 2:43 pm
Location: Seaford Melbourne Victoria.

Re: VOIP Service Unpredictable

Post by ant333 » Thu May 27, 2010 11:27 am

Haven't had any issues since floowing the recommendations of others within this thread. Cheers! :D

sable
Posts: 651
Joined: Tue Jan 20, 2004 9:28 am
Location: NSW

Re: VOIP Service Unpredictable

Post by sable » Thu May 27, 2010 11:40 am

It should be noted that where the ATA is built into an "all in one device" there is need for any port forwarding, it is done within the device automatically.

Port forwarding to the ATA is required where the router and ata are separate stand alone devices as per mzc181's case.

bulletmark
Posts: 137
Joined: Sun Jun 28, 2009 9:06 am
Location: Brisbane

Re: VOIP Service Unpredictable

Post by bulletmark » Thu May 27, 2010 11:44 am

sable wrote:Port forwarding to the ATA is required where the router and ata are separate stand alone devices as per mzc181's case.
Not always, my Minitar MVA11A ata works ok on my lan, behind my router, without any explicit forwarding.

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: VOIP Service Unpredictable

Post by Dazzled » Thu May 27, 2010 12:18 pm

Bulletmark, Most routers have iptables rules to establish NAT, something like this (lifted from a Dynalink, running VoIP)
ACCEPT udp -- ppp_8_35_1 any anywhere anywhere udp dpt:5060
....
ACCEPT all -- ppp_8_35_1 any anywhere anywhere state RELATED,ESTABLISHED
....
DROP all -- ppp_8_35_1 any anywhere anywhere
....
DROP all -- ppp_8_35_1 any anywhere <your ext IP address>
The first rule is a port forward to the VoIP interface. Without it (the default router-only state) the second rule quoted would prevent an invite. (Use the telnet interface - /bin/iptables -L -v)

jokiin
Volunteer Site Admin
Posts: 2970
Joined: Mon Feb 02, 2004 10:23 pm
Location: Sydney

Re: VOIP Service Unpredictable

Post by jokiin » Thu May 27, 2010 12:29 pm

bulletmark wrote:
sable wrote:Port forwarding to the ATA is required where the router and ata are separate stand alone devices as per mzc181's case.
Not always, my Minitar MVA11A ata works ok on my lan, behind my router, without any explicit forwarding.
some devices work better than others, NAT traversal rules in some work pretty well, more often than not though how well the ATA works behind a router is dependent on the router more than the ATA

woofycub
Posts: 5
Joined: Wed Jun 27, 2007 11:09 am
Location: Ballan, Vic

Re: VOIP Service Unpredictable

Post by woofycub » Thu May 27, 2010 1:19 pm

I had this with my linksys mate..

i had to tell it to keep the NAT alive..

bulletmark
Posts: 137
Joined: Sun Jun 28, 2009 9:06 am
Location: Brisbane

Re: VOIP Service Unpredictable

Post by bulletmark » Thu May 27, 2010 2:05 pm

Dazzled wrote: The first rule is a port forward to the VoIP interface. Without it (the default router-only state) the second rule quoted would prevent an invite. (Use the telnet interface - /bin/iptables -L -v)
Dazzled, I am not sure what you are saying.

I have no port forwards set for any device, and yet my Minitar can make and receive voip calls fine. Not only that, I am also using the voip port on my Billion router to a separate handset (to a separate provider) and make and receive independent calls to it also. Somehow the ata, router, and voip providers are negotiating the NAT just fine.

[Well, when I say "just fine", as I said earlier in this thread my incoming calls were not working reliably last week but it seems this may have been due to an Exetel problem which required us to reboot our ata's as joklin said in an earlier post here. Seems to be working ok after I reset my ata. Needless to say, it is distressing that an Exetel fault can occur which requires customers to magically find out about and know to reboot their ata :(].

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: VOIP Service Unpredictable

Post by Dazzled » Thu May 27, 2010 2:52 pm

Bulletmark, Jokiin and I were making the same point, only he was clear and I was being a bit obtuse. NAT implementation differs between router makes, so some devices can traverse some NATs. There is a discussion at http://en.wikipedia.org/wiki/NAT_traversal. I was rather obscurely inviting you to look at your own firewall rules to find why the Minitar works with it, although rules can get pretty complex, with ALG and the like. The Minitar wouldn't work with my router, and it would have no hope with the very simple rules in my gateway.

Post Reply