Can anyone confirm the recommended firewall settings for VOIP gadgets 
using A&A's call.me.uk SIP server?  Is it just 5060/udp to & from the 
SIP server?  Assuming I'm not using the ENUM service.

Cheers,

- Martin

On Sat, 17 Oct 2009 20:00:25 UTC, Martin Johnson 
 wrote:

> Can anyone confirm the recommended firewall settings for VOIP gadgets 
> using A&A's call.me.uk SIP server?  Is it just 5060/udp to & from the 
> SIP server?  Assuming I'm not using the ENUM service.
> 

Don't know about A&A but most VOIP needs 5060 TCP & UDP plus a whole 
bunch of UDP like 10,000 - 20,000.

HTH
-- 
Regards
Dave Saville

On 17 Oct, 21:00, Martin Johnson  wrote:
> Can anyone confirm the recommended firewall settings for VOIP gadgets
> using A&A's call.me.uk SIP server?  Is it just 5060/udp to & from the
> SIP server?  Assuming I'm not using the ENUM service.
>
> Cheers,
>
> - Martin

I dont have any equipment on A&A voip, but depending on the VOIP
provider I generally, port 5004 and 5060 UDP/TCP. 5060 is used for SIP
signaling and 5004 is used for RTP. If you have more than one VOIP
device behind a NAT you may wish to appoint a different port in the
range 5004 upwards for each device, and also the SIP port 5060 upward
and usualy in steps of 2 i.e 5004 5006 5008. Easiest way is port
forward 5000 to 6000 to all of your VOIP devices.

Yes some VOIP devices such as softphones use some other ports for SIP
and RTP.

Phil

On Mon, 19 Oct 2009 01:55:01 -0700 (PDT), Fillco 
wrote:

> If you have more than one VOIP
> device behind a NAT you may wish to appoint a different port in the
> range 5004 upwards for each device, and also the SIP port 5060 upward
> and usualy in steps of 2 i.e 5004 5006 5008. Easiest way is port
> forward 5000 to 6000 to all of your VOIP devices.

I didn't know one could usefully forward the same port(s) to more than one
IP address/device.  How will the router know where to direct packets that
comprise an incoming connection?

Tony

On 19 Oct, 10:20, "Anthony R. Gold"  wrote:
> On Mon, 19 Oct 2009 01:55:01 -0700 (PDT), Fillco 
> wrote:
>
> > If you have more than one VOIP
> > device behind a NAT you may wish to appoint a different port in the
> > range 5004 upwards for each device, and also the SIP port 5060 upward
> > and usualy in steps of 2 i.e 5004 5006 5008. Easiest way is port
> > forward 5000 to 6000 to all of your VOIP devices.
>
> I didn't know one could usefully forward the same port(s) to more than one
> IP address/device.  How will the router know where to direct packets that
> comprise an incoming connection?
>
> Tony

This may depend on how easy your router firewall is configured, but
you can forward the ports specifically to individual devices or
globally. The former in the port forward list assigning the ports to
the individual IP addresses, and the latter as a global opening of the
ports which will be sent to every device on your network. The device
with the appropriate port will respond to the global transmission.


How will the router know where to direct packets that comprise an
incoming connection... Your voip device will have registered with your
VOIP provider with the RTP and SIP ports you have allocated to it.
e.g. if you have a VOIP phone on internal address of 192.168.1.23 and
you have allocated a SIP port of 5068 for instance on the device, then
when the device registers it will register with 192.168.1.23:5068.

Some VOIP devices can allocate a random port for SIP and RTP which
saves you actually allocating individual ports to each voip device,
lke the DHCP address, an allocated port will not be duplicated.

Phil

On 19 Oct, 11:39, Fillco  wrote:
> On 19 Oct, 10:20, "Anthony R. Gold"  wrote:
>
> > On Mon, 19 Oct 2009 01:55:01 -0700 (PDT), Fillco 
> > wrote:
>
> > > If you have more than one VOIP
> > > device behind a NAT you may wish to appoint a different port in the
> > > range 5004 upwards for each device, and also the SIP port 5060 upward
> > > and usualy in steps of 2 i.e 5004 5006 5008. Easiest way is port
> > > forward 5000 to 6000 to all of your VOIP devices.
>
> > I didn't know one could usefully forward the same port(s) to more than one
> > IP address/device.  How will the router know where to direct packets that
> > comprise an incoming connection?
>
> > Tony
>
> This may depend on how easy your router firewall is configured, but
> you can forward the ports specifically to individual devices or
> globally. The former in the port forward list assigning the ports to
> the individual IP addresses, and the latter as a global opening of the
> ports which will be sent to every device on your network. The device
> with the appropriate port will respond to the global transmission.
>
> How will the router know where to direct packets that comprise an
> incoming connection... Your voip device will have registered with your
> VOIP provider with the RTP and SIP ports you have allocated to it.
> e.g. if you have a VOIP phone on internal address of 192.168.1.23 and
> you have allocated a SIP port of 5068 for instance on the device, then
> when the device registers it will register with 192.168.1.23:5068.
>
> Some VOIP devices can allocate a random port for SIP and RTP which
> saves you actually allocating individual ports to each voip device,
> lke the DHCP address, an allocated port will not be duplicated.
>
> Phil

Whoops, a mistook there, the device registers wih your public IP
address followed by the SIP port and not your internal address eg

Phil

Dave Saville wrote:
> On Sat, 17 Oct 2009 20:00:25 UTC, Martin Johnson wrote:
> 
>> Can anyone confirm the recommended firewall settings for VOIP gadgets 
>> using A&A's call.me.uk SIP server?  Is it just 5060/udp to & from the 
>> SIP server?  Assuming I'm not using the ENUM service.
>>
> Don't know about A&A but most VOIP needs 5060 TCP & UDP plus a whole 
> bunch of UDP like 10,000 - 20,000.

I ran Wireshark in the end.  Sure enough it was using 5060/udp for SIP, 
plus a high udp port for audio during calls.  To begin with, I've 
blocked all TCP, but allowed all UDP in both directions between the two 
IPs in question.  If that proves reliable, I might put more restrictions 
in later.

Cheers

- Martin