ilero
newbie
Topic Author
Posts: 49
Joined: Fri Jun 04, 2004 3:51 pm

VoIP

Wed Dec 15, 2004 5:33 pm

I currently have a MT running hotspot and PPPoE. One of the PPPoE users is trying to use his Vonage VoIP device. For some reason, the device will not work when he is connected to our network. I have verified that I am not blocking any of the UDP ports that are needed for the Vonage service. What am I missing??? Thanks
 
edzix
Member
Posts: 333
Joined: Thu Jul 01, 2004 3:01 pm
Location: Latvia

Wed Dec 15, 2004 5:42 pm

Try to enable the UPnP feature on the RouterOS.

Edgars
 
ilero
newbie
Topic Author
Posts: 49
Joined: Fri Jun 04, 2004 3:51 pm

Thu Dec 16, 2004 11:22 pm

I tried to enable the UPnP feature, but it did not fix the problem. Vonage states that I need to make sure the following ports are open: 53, 69, 123, 5060, 5061, 10000-20000 (all UDP). Again, the user is assigned a public IP address through PPPoE and he cannot use our service to connect to Vonage. Vonage Support stated that he could not connect using port 69 (TFTP). I also know that our upstream provider, TransEdge, does not block any of these ports.

Is there any way I can determine for sure that our MT is not blocking any of these ports? Again, we are not blocking any specific ports in the firewall, but for some reason his VoIP service is still not working.

Also, we have users trying to run LimeWire (gnutella - port 6346), but no one is able to connect. But when we connect directly to our upstream provider (without our MT), LimeWire works fine. Again, I am at a loss for why our MT seems to be blocking ports even though we do not have anything in our firewall prohibiting them.

Please let me know your thoughts...Thanks
 
wildbill442
Forum Guru
Posts: 1055
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Fri Dec 17, 2004 2:42 am

What version of RouterOS are you using?

Print your firewall rules (omitting IP addresses). If all chains are set to accept and you aren't blocking any ports, as you say, there shouldn't be any problems. Are you NATing traffic? And do your customers have their own NAT routers as well? Certain applications have problems with double-NAT.
 
ilero
newbie
Topic Author
Posts: 49
Joined: Fri Jun 04, 2004 3:51 pm

Fri Dec 17, 2004 3:13 am

I have attached the export of my firewall settings below. I am running hotspot and PPPoE on the same interface. The specific client trying to use VoIP receives a public IP address via PPPoE. The client does not do any additional NATing. Also, as I mentioned earlier, whether the user is a hotspot (with private IP) or PPPoE client (with a public IP), neither one can use the gnutella network (port 6346). We are currently running 2.8.19 on this MT, but we see the same issues (with the same settings) on another MT running 2.8.2. Let me know if you see anything that might be blocking the ports that I mentioned earlier (or anything else unusual)...Thanks again

/ ip firewall
set input name="input" policy=accept comment=""
set forward name="forward" policy=accept comment=""
set output name="output" policy=accept comment=""
add name="hotspot-temp" policy=none comment="limit unauthorized hotspot \
clients"
add name="hotspot" policy=none comment="account authorized hotspot clients"
add name="pppoe-in" policy=none comment=""
add name="pppoe-out" policy=none comment=""
/ ip firewall rule forward
add src-address=xx.xx.xx.xx/xx action=accept comment="" disabled=no
add src-address=10.5.51.0/24 action=accept comment="Allow forward of PPPoE" \
disabled=no
add src-address=100.100.100.0/24 in-interface=ether2 action=accept \
comment="accept traffic from radios" disabled=no
add in-interface=ether2 action=jump jump-target=hotspot-temp comment="limit \
access for unauthorized hotspot clients" disabled=no
add action=jump jump-target=hotspot comment="account traffic for authorized \
hotspot clients" disabled=no
/ ip firewall rule hotspot
/ ip firewall rule hotspot-temp
add flow=hs-auth action=return comment="return, if connection is authorized" \
disabled=no
add protocol=icmp action=return comment="allow ping requests" disabled=no
add dst-address=:53 protocol=udp action=return comment="allow dns requests" \
disabled=no
add action=reject comment="reject access for unauthorized hotspot clients" \
disabled=no
/ ip firewall rule input
add src-address=100.100.100.0/24 in-interface=ether2 action=accept \
comment="accept traffic from radios" disabled=no
add in-interface=ether2 dst-address=:80 protocol=tcp action=accept \
comment="accept requests for hotspot servlet" disabled=no
add in-interface=ether2 dst-address=:67 protocol=udp action=accept \
comment="accept requests for local DHCP server" disabled=no
add in-interface=ether2 action=jump jump-target=hotspot-temp comment="limit \
access for unauthorized hotspot clients" disabled=no
add in-interface=ether2 dst-address=:0 protocol=tcp action=jump \
jump-target=hotspot comment="account traffic from hotspot clients to web \
proxy" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set pptp disabled=no
set gre disabled=no
set h323 disabled=no
set mms disabled=no
set irc ports=6667 disabled=no
set quake3 disabled=no
set tftp ports=69 disabled=no
/ ip firewall mangle
add protocol=tcp tcp-options=syn-only action=passthrough tcp-mss=1440 \
comment="PPPoE" disabled=no
add p2p=all-p2p action=passthrough mark-flow=p2p comment="" disabled=no
/ ip firewall src-nat
add src-address=10.5.51.0/24 action=masquerade comment="Masquerad Private IP \
PPPoE" disabled=no
add src-address=10.5.50.0/24 action=masquerade comment="masquerade hotspot \
network" disabled=no
/ ip firewall dst-nat
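
One way to run the check discussed in this thread offline, as an added example that is not part of any poster's message and is not MikroTik tooling: the script reads an export in the layout posted above, rejoins the backslash-wrapped lines, and lists each chain policy plus every enabled rule that can discard traffic, together with the chains that jump into it. The function names and the shortened sample are constructed for illustration, and treating only `drop` and `reject` as discarding actions is an assumption.

```python
import re
from collections import defaultdict
# Constructed sample, shortened, in the export layout shown in the thread.
SAMPLE = r'''/ ip firewall
set forward name="forward" policy=accept comment=""
add name="hotspot-temp" policy=none comment="limit unauthorized hotspot \
clients"
/ ip firewall rule forward
add src-address=10.5.51.0/24 action=accept comment="Allow forward of PPPoE" \
disabled=no
add in-interface=ether2 action=jump jump-target=hotspot-temp comment="" \
disabled=no
/ ip firewall rule hotspot-temp
add flow=hs-auth action=return comment="" disabled=no
add action=reject comment="reject access for unauthorized hotspot clients" \
disabled=no
'''

KV = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_export(text):
    """Return (policies, rules): chain -> policy, chain -> list of rule dicts."""
    text = re.sub(r'\\\n\s*', '', text)  # rejoin lines wrapped with a trailing "\"
    policies, rules, section = {}, defaultdict(list), ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line.lstrip("/ ").strip()
            continue
        fields = {k: v.strip('"') for k, v in KV.findall(line)}
        if section == "ip firewall" and "name" in fields:
            policies[fields["name"]] = fields.get("policy", "")
        elif section.startswith("ip firewall rule ") and line.startswith("add"):
            rules[section.split()[-1]].append(fields)
    return policies, rules

def blocking_rules(text):
    """Return (policies, hits); each hit is (chain, rule index, action, calling chains)."""
    policies, rules = parse_export(text)
    enabled = lambda r: r.get("disabled") != "yes"
    callers = defaultdict(set)  # chain -> chains that jump into it
    for chain, rs in rules.items():
        for r in filter(enabled, rs):
            if r.get("action") == "jump":
                callers[r.get("jump-target")].add(chain)
    hits = [(chain, i, r["action"], sorted(callers[chain]))
            for chain, rs in rules.items() for i, r in enumerate(rs)
            if enabled(r) and r.get("action") in ("drop", "reject")]
    return policies, hits
```

Each hit names a rule to read by hand against the traffic in question; the script does not evaluate matchers such as `flow=` or `in-interface=`, so it narrows the search rather than deciding whether a given port is blocked.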