"Port Forwarding" vs "Port Range Forwarding"

[VOIPoJustin]

We find the vast majority of issues related to one way (or no way) audio as well as other connectivity problems to be NAT related. As such, we strongly suggest applying port forwarding (UDP/TCP) as a solution.

Think of the port range 5060 - 5080 as the 'control range,' whereby the adapter communicates back and forth with VOIPo's data centers, providing instructions on how to handle the call.

Separated from this control functionality is the audio stream (RTP), which connects on a randomized port between the range of 35000 - 65000. One key point to consider is that incoming audio is often proxied from different locations throughout the country, depending on the incoming audio's origination and geography.

Because of this separation in call handling and call audio, it is not uncommon for an incoming audio stream to reach the adapter from a completely different (and previously unseen) IP address. Occasionally, some hardware firewalls and SPI filter algorithms (erroneously) detect this incoming data as illegitimate, and block or otherwise prevent/manipulate it from reaching the adapter in tact.

[ctaranto]

I have a two part question:

1. Would putting a PAP2T in a DMZ solve this?
2. Is putting the PAP2T in a DMZ a bad idea? If so, why?

Thanks,

-Craig

[MisterEd]

I have a question as well.

Those ports 35000-65000 cover a large range.

For example, DROPBOX (www.dropbox.com), a new and very popular service as well as MOZY (www.mozy.com) which is an online system backup provider use some ports in that range for their tunnel as do a lot of other services.

When Voipo tech support was looking at my system trying to resolve some issues we removed the ports used by MOZY and DROPBOX from my Fios router. Needless to say I can't use those services at present and I am wary about reinstalling them.

Does VOIPO really need that wide range of ports or ALL the ports in that range?

[VOIPoJames]

1. Would putting a PAP2T in a DMZ solve this?
2. Is putting the PAP2T in a DMZ a bad idea? If so, why?

We tend to find that DMZ is a bit ambiguous pending on the manufacture and security implementation.

Theoretically DMZ would act as a demilitarized zone within ones network. Basically a wide open connection or pin hole into one device (server, dns, email, VOIP line, etc, etc) within a network.

More and more often we find that even when placing a device in DMZ network traffic can still be manipulated, misdirected, or blocked by hard-coded security feature or certain functionality by a Firewall / NAT setting in place.

Unless using for testing purposes, DMZ is not recommended to use with our VOIP lines. Functionality differs between router manufactures, and it's not a good practice to open a permanent hole in ones network.

We recommend specifying only the port ranges we utilize and having this forwarded to either a Statically assigned or Reserved IP address for our adapter.

Ports:

5060-5080 (udp/tcp) used for signaling to and from our servers to relay call information

35000-65000 (udp only) used for random assignment of RTP or audio stream

Does VOIPO really need that wide range of ports or ALL the ports in that range?

Yes and no Ed, it is randomly assigned and differs between each call. So though the entire range is 30,000 ports only one port is actually in use at a time. If you need a port or range of ports within this allotment simply specify the rule again. There's a 1 in 30,000 chance it's an issue

[usa2k]

It is nice that VOIPo works with the customers to some extent, because officially the ATA normally has a router, and is not meant to be behind a different router.

I am guilty of preferring my own choice in router and using the PAP2T.

I do think it was smart money for VOIPo to primarily use the RT31P2 that has a built in router with 3 LAN ports. This allows an if all else fails approach that lets you continue to operate your computers while troubleshooting. A reasonable expectation for a Residential Plan.

[abward]

...it is randomly assigned and differs between each call. So though the entire range is 30,000 ports only one port is actually in use at a time...

Why is it randomly assigned? For security purposes? Would it be possible to narrow this down to maybe a several hundred ports range, so we can minimize the number of ports we forward?

[VOIPoTim]

Why is it randomly assigned? For security purposes? Would it be possible to narrow this down to maybe a several hundred ports range, so we can minimize the number of ports we forward?

Most of the audio streams are directly from remote media gateways and don't pass through us so most is out of our control.

[statustray]

We find the vast majority of issues related to one way (or no way) audio as well as other connectivity problems to be NAT related. As such, we strongly suggest applying port forwarding (UDP/TCP) as a solution.

Think of the port range 5060 - 5080 as the 'control range,' whereby the adapter communicates back and forth with VOIPo's data centers, providing instructions on how to handle the call.

Separated from this control functionality is the audio stream (RTP), which connects on a randomized port between the range of 35000 - 65000. One key point to consider is that incoming audio is often proxied from different locations throughout the country, depending on the incoming audio's origination and geography.

Because of this separation in call handling and call audio, it is not uncommon for an incoming audio stream to reach the adapter from a completely different (and previously unseen) IP address. Occasionally, some hardware firewalls and SPI filter algorithms (erroneously) detect this incoming data as illegitimate, and block or otherwise prevent/manipulate it from reaching the adapter in tact.

What if one has more than one adapter?

[caseydoug]

What if one has more than one adapter?

I don't think he's saying that everyone should forward all these ports, but if you are having problems, this is the quickest way to fix it. I was having some problems, but I have at least three other adapters running on my network, not counting soft phones. I forwarded a smaller range of ports, and reduced that further once it was clear that the problems had diminished to an acceptable level. I still get the occasional dropped call, but it's hard to know whether this is caused by my network, cell phone reception at the other end, someone's ear hitting the "end" button, or what. It's fairly infrequent.

[statustray]

I don't think he's saying that everyone should forward all these ports, but if you are having problems, this is the quickest way to fix it. I was having some problems, but I have at least three other adapters running on my network, not counting soft phones. I forwarded a smaller range of ports, and reduced that further once it was clear that the problems had diminished to an acceptable level. I still get the occasional dropped call, but it's hard to know whether this is caused by my network, cell phone reception at the other end, someone's ear hitting the "end" button, or what. It's fairly infrequent.

Yes, I have more than one adapter too- thru different providers. I have been with VoicePulse for years now, and with VoiPO for a year. I even switched my landline (AT&T), over to Comcast several months ago as they had a special of $19.99 per month for the first 12 months. Why didn't I switch that line to Voipo? I figured Comcast because they have free calling to Puerto Rico, Virgin Islands, and a few others places which I call quite regularly.

I have had some issues with Voipo's call waiting, and am have been sent a RPT but haven't received it yet. I do like how quickly Voipo responds to trouble tickets, and their overall feature set!

I was just trying to be sure that under normal circumstances, having multiple adapters wouldn't ordinarily cause a problem.

Thanks for the clarification ;-)