"Port Forwarding" vs "Port Range Forwarding"
I believe James may have helped me identify an intermittent problem with my router configuration. I wanted to share the details in case someone else may have made the same boneheaded error as me.
I mistakenly chose the Linksys router's "Port Forwarding" tab to set up ports 5060-5080 and 35000-65000. "Port Forwarding" and "Port Range Forwarding" both had the "from" and "to" fields to enter the port numbers. Port Range Forwarding is the way to go.
I hope this will probably correct some of my intermittent one way audio drops and fast busy connections.
Thanks Voipo support!
Re: "Port Forwarding" vs "Port Range Forwarding"
May I ask why port forwarding was turned on? Was something not working, and that was the reason you turned on port forwarding?
I only ask because I have not used port forwarding in my setup.
Thanks in advance ;-)
Re: "Port Forwarding" vs "Port Range Forwarding"
Quote:
Originally Posted by
statustray
May I ask why port forwarding was turned on? Was something not working, and that was the reason you turned on port forwarding?
I only ask because I have not used port forwarding in my setup.
Thanks in advance ;-)
I've seen multiple posts about this topic. Some say they don't need it, some do. The helpdesk recommended I turn it on. You can search this forum with "port forwarding" and get a couple of pages to browse. Here's one of the better discussions..
http://forums.voipo.com/showthread.p...ort+forwarding
I'll let others with a better technical background respond.
Re: "Port Forwarding" vs "Port Range Forwarding"
We find the vast majority of issues related to one way (or no way) audio as well as other connectivity problems to be NAT related. As such, we strongly suggest applying port forwarding (UDP/TCP) as a solution.
Think of the port range 5060 - 5080 as the 'control range,' whereby the adapter communicates back and forth with VOIPo's data centers, providing instructions on how to handle the call.
Separated from this control functionality is the audio stream (RTP), which connects on a randomized port between the range of 35000 - 65000. One key point to consider is that incoming audio is often proxied from different locations throughout the country, depending on the incoming audio's origination and geography.
Because of this separation in call handling and call audio, it is not uncommon for an incoming audio stream to reach the adapter from a completely different (and previously unseen) IP address. Occasionally, some hardware firewalls and SPI filter algorithms (erroneously) detect this incoming data as illegitimate, and block or otherwise prevent/manipulate it from reaching the adapter in tact.
Re: "Port Forwarding" vs "Port Range Forwarding"
I have a two part question:
1. Would putting a PAP2T in a DMZ solve this?
2. Is putting the PAP2T in a DMZ a bad idea? If so, why?
Thanks,
-Craig
Re: "Port Forwarding" vs "Port Range Forwarding"
I have a question as well.
Those ports 35000-65000 cover a large range.
For example, DROPBOX (www.dropbox.com), a new and very popular service as well as MOZY (www.mozy.com) which is an online system backup provider use some ports in that range for their tunnel as do a lot of other services.
When Voipo tech support was looking at my system trying to resolve some issues we removed the ports used by MOZY and DROPBOX from my Fios router. Needless to say I can't use those services at present and I am wary about reinstalling them.
Does VOIPO really need that wide range of ports or ALL the ports in that range?
Re: "Port Forwarding" vs "Port Range Forwarding"
Quote:
Originally Posted by
ctaranto
1. Would putting a PAP2T in a DMZ solve this?
2. Is putting the PAP2T in a DMZ a bad idea? If so, why?
We tend to find that DMZ is a bit ambiguous pending on the manufacture and security implementation.
Theoretically DMZ would act as a demilitarized zone within ones network. Basically a wide open connection or pin hole into one device (server, dns, email, VOIP line, etc, etc) within a network.
More and more often we find that even when placing a device in DMZ network traffic can still be manipulated, misdirected, or blocked by hard-coded security feature or certain functionality by a Firewall / NAT setting in place.
Unless using for testing purposes, DMZ is not recommended to use with our VOIP lines. Functionality differs between router manufactures, and it's not a good practice to open a permanent hole in ones network.
We recommend specifying only the port ranges we utilize and having this forwarded to either a Statically assigned or Reserved IP address for our adapter.
Ports:
5060-5080 (udp/tcp) used for signaling to and from our servers to relay call information
35000-65000 (udp only) used for random assignment of RTP or audio stream
Quote:
Originally Posted by
MisterEd
Does VOIPO really need that wide range of ports or ALL the ports in that range?
Yes and no Ed, it is randomly assigned and differs between each call. So though the entire range is 30,000 ports only one port is actually in use at a time. If you need a port or range of ports within this allotment simply specify the rule again. There's a 1 in 30,000 chance it's an issue :)
Re: "Port Forwarding" vs "Port Range Forwarding"
It is nice that VOIPo works with the customers to some extent, because officially the ATA normally has a router, and is not meant to be behind a different router.
I am guilty of preferring my own choice in router and using the PAP2T.
I do think it was smart money for VOIPo to primarily use the RT31P2 that has a built in router with 3 LAN ports. This allows an if all else fails approach that lets you continue to operate your computers while troubleshooting. A reasonable expectation for a Residential Plan.
Re: "Port Forwarding" vs "Port Range Forwarding"
James,
I understand VOIPo sets the RTP port range to 16384-16482 on the PAP2. This is on the LAN side. When the packet goes out, on the public side some routers may translate the port to a different port number. On my router, the ports stays the same on the public side, unless that port is used by some other node in my LAN.
So, the incoming RTP packets to my router, will have a port range of 16384-16482. Even if I forward ports (which I don't now and I am running fine), I would have to use this range instead of 35000-65000.
Do you usually see the RTP source port on the public side of the PAP2 in the 35000-65000? Just asking out of curiosity.
Re: "Port Forwarding" vs "Port Range Forwarding"
Quote:
Originally Posted by
VOIPoJames
...it is randomly assigned and differs between each call. So though the entire range is 30,000 ports only one port is actually in use at a time...
Why is it randomly assigned? For security purposes? Would it be possible to narrow this down to maybe a several hundred ports range, so we can minimize the number of ports we forward?