How I hooked up VOIPo

[ctaranto]

Exactly, that's the way the RT31P2 should behave ahead of your router.....allowing it to work more openly with the Internet.

In this scenario, your router is still providing the SPI firewall and protecting your internal network. Why do you really care about the RT's poor firewall ability which is upstream of your router. If the ATA was that insecure or easily hackable, Voipo would not prefer that you hook it up that way to begin with. However, Voipo does prefer it this way just to avoid SPI/NAT issues it encounters with some of its customers.

If insecure and "more openly" is synonymous, then I don't want it. VOIPo only needs certain ports. It shouldn't be THAT open. I actually prefer having a PAP2T, which HAS to be behind a router (that's what I had with VoicePulse). I want to mimic the topology that I had, with my WRT first in line. I also like to measure bandwidth usage and with the RT first, I can't do that.

Once again, the fact you are having issues with it hooked up this way is indicative of something else being wrong. No one should have to hook up this way in your topology to get to work correctly.

Maybe dd-wrt and hooking it up to the WAN is good enough. I never tried that. But I far prefer Tomato, and thus far, it's working.

I took another look at your setup and you have at least double NAT or more going on. Per your topology, your router's DHCP is enabled with a starting IP pool address of 172.20.0.100, but I noticed your LAN and WAN IP's on the RT is 172.20.0.2 and 172.20.0.3 respectively. This tells me that more NAT is going on in the picture here because if you truly had the RT's DHCP server disabled then the LAN ports on the RT would act like a switch instead of a router and pull it's IP addresses from your WRT IP pool.

The WRT's DHCP pool is .100. The RT isn't getting it's IPs from the WRT (I put them in statically), so .2 and .3 were chosen. Because an IP is outside of the DHCP realm (but inside the subnet mask), that causes NAT to be used? I didn't believe that was the case. I believe the way I've hooked it up, the RT *IS* a switch now. The only thing is the WAN port needs to be used because all voice communications goes out the WAN. DHCP is turned off on the RT, and nothing else is connected to it. I can also directly log into the RT via 172.20.0.2 (without any port numbers) while wireless connected to the WRT.

Are you suggesting that if I statically set the IPs of the RT to inside the DHCP range, I'll reduce a NAT? That doesn't quite make sense to me, but again, I'm not a network guy.

I believe (or believed) that by connecting directly to the LAN port, and putting the LAN and WAN in the same subnet, I'm *reducing* a NAT.

If it's working good for you this way, I really can't knock it too bad.

I'm enjoying this conversation (please don't take it as an argument).

-Craig

[tritch]

If insecure and "more openly" is synonymous, then I don't want it. VOIPo only needs certain ports. It shouldn't be THAT open. I actually prefer having a PAP2T, which HAS to be behind a router (that's what I had with VoicePulse). I want to mimic the topology that I had, with my WRT first in line. I also like to measure bandwidth usage and with the RT first, I can't do that.

I don't have this setup either, but it is preferred by Voipo. It must be secure enough, otherwise you'd be hearing of more ATA's being attacked or hacked.

The WRT's DHCP pool is .100. The RT isn't getting it's IPs from the WRT (I put them in statically), so .2 and .3 were chosen. Because an IP is outside of the DHCP realm (but inside the subnet mask), that causes NAT to be used? I didn't believe that was the case. I believe the way I've hooked it up, the RT *IS* a switch now. The only thing is the WAN port needs to be used because all voice communications goes out the WAN. DHCP is turned off on the RT, and nothing else is connected to it. I can also directly log into the RT via 172.20.0.2 (without any port numbers) while wireless connected to the WRT.

Ok, I stand corrected. I missed the fact you statically assigned the IP's on the RT with the same subnet.

Router setup:
IP: 172.20.0.1
Subnet: 255.255.255.0
Gateway: 0.0.0.0
DHCP enabled: starting IP pool of 172.20.0.100

RT LAN:
IP: 172.20.0.2
Subnet: 255.255.255.0
Gateway: 172.20.0.1

RT WAN:
IP: 172.20.0.3
Subnet: 255.255.255.0
Gateway: 172.20.0.1

LAN and WAN ports on the RT are set with static IP's which are on the same subnet as the router and do not automatically obtain IP's from the WRT. The RT is acting like a switch as you mentioned, so there's only a single NAT between your public IP and your RT which is good.

I do see a problem as chpalmer pointed out in his post. Your WRT's gateway should be 172.20.0.1 not 0.0.0.0 It's possible when you had the RT's WAN hooked up to the WRT's LAN that the router assigned this gateway to the RT as well. I'm assuming of course that you had the RT automatically obtain its IP address from the WRT's IP pool when you tried it before. You might want to see if that was the problem. If this resolves the issue, then you would want to reserve or assign a static IP for the RT in the router.

[ctaranto]

I don't have this setup either, but it is preferred by Voipo. It must be secure enough, otherwise you'd be hearing of more ATA's being attacked or hacked.

There were many things I didn't like about the RT being first. A few of them are:
1. The feeling I was insecure by ports not being "stealth"
2. Relying on the RT to handle all NAT. If it's NAT abilities aren't good (and it's hard to find info on this), then when using many bittorrent clients, I will see a performance hit.
3. The QoS setup in the RT is no where near as good as a WRT running Tomato.

I do see a problem as chpalmer pointed out in his post. Your WRT's gateway should be 172.20.0.1 not 0.0.0.0 It's possible when you had the RT's WAN hooked up to the WRT's LAN that the router assigned this gateway to the RT as well. I'm assuming of course that you had the RT automatically obtain its IP address from the WRT's IP pool when you tried it before. You might want to see if that was the problem. If this resolves the issue, then you would want to reserve or assign a static IP for the RT in the router.

Interesting that the Tomato firmware doesn't even offer a "gateway" for the Router IP (maybe it assumes the Router IP as the gateway?). I don't know the effect of this setting in dd-wrt in the current topology vs. hooking directly into the WAN. I also didn't try dd-wrt and hooking directly into the WAN.

Thanks,

-Craig