With Recent Changes; What Ports and Ip addresses should be open to the Pap2t Adapters



eagle 1
03-17-2009, 07:32 PM
With all the recent changes, what ports and IP addresses should be open to the PAP2T adapters?

I was given the following ports and Ip address in a support ticket in the past.


"The RTP ports that need forwarding as well as the standard VOIPo ports are: 5004, 5012, 5060, 5061, 5062, 5079 and 35000-65000 (TCP and UDP).

The only IP your device should be communicating to is: 74.52.58.50 (sip.voipwelcome.com) and 208.101.11.251 (voicemail server). The other servers shouldn't be connecting to/from you. However it wouldn't hurt also enabling 174.132.131.* (i/o routing)."


Now that there are new database servers, other sip servers

east01, central01, central02 and sip.voipwelcome

What ports and IP addresses are voipo addresses?

christcorp
03-17-2009, 09:15 PM
Why are you forwarding ports? The only time ports should need forwarding is if you have a very tight firewall. Giving your adapter can sometimes be useful if your network has a lot of devices on it. But if you have to forward ports to get it to work, you've got issues with your network.

usa2k
03-18-2009, 02:25 AM
Yes, needing port forwarding is likely a router/firewall issue, or the registration is not happening often enough to keep the SPI window open so VOIPo can ring the phone. (Failure to ring to one of 5060-5080)

This thread link endorsed port forwarding with even Nitzan buying into it.
http://www.dslreports.com/forum/r22084187-VoIPo-ready-for-prime-time

They talked 35000-65000 forwarding. That would be the voice streams, and that seems a desperate measure. That ... firewall issues? A more rare need, and I will not speculate cause/effect.

A simple network, with decent router - not needed.

eagle 1
03-18-2009, 04:48 AM
> Why are you forwarding ports? The only time ports should need forwarding is if you have a very tight firewall. Giving your adapter can sometimes be useful if your network has a lot of devices on it. But if you have to forward ports to get it to work, you've got issues with your network.

Yes, I do forward ports and only allow specific IPs to those ports due to my home network setup. I currently have 5 servers (4 Windows Server 2008 and 1 Linux server), several IP cameras, and multiple desktops/laptops.

I am using a Cisco ASA 5510 as my firewall and a Cisco (not Linksys) router. And as you say, forwarding ports means you've got issues with your network. I disagree, my network does not have issues due to using a real firewall and router. My internet provider does not block any ports and provides all access to the internet, so there are often bots and hackers attempting to enter or block traffic. I also have several devices using the same IP, SIP and/or VoIP ports, which requires forwarding the traffic to the correct device.

I would agree many home setups do not need a real router or port forwarding, but in my case it is needed.


So again, I ask

Now that there are new database servers, other sip servers

east01, central01, central02 and sip.voipwelcome

What ports and IP addresses are voipo addresses?

sr98user
03-18-2009, 05:32 AM
Regarding ports for PAP2T by default, 5061 and 5062 are SIP ports. RTP ports are from 16384 to 16482. IP addresses will be all over the map. For sure, you will be talking to the SIP server that you are connected to. If your audio stream is proxied, then the audio stream will be from the SIP server. If it is not proxied, then any media gateway around the country could send audio streams to RTP ports (16384-16482). And then there are syslog messages that go over port 514.

But you have to have complete understanding of how your NAT'ing works on your Cisco router. Because, if the same ports (SIP and RTP) are used by multiple VOIP devices in your network, then you might end up with problems. Also, if the router thinks that a port is being used then it will map it to a different global port. I have a Cisco router and used to have the firewall turned on. But it became hard to handle over time, to maintain the ACLs.

eagle 1
03-18-2009, 06:42 AM
> But you have to have complete understanding of how your NAT'ing works on your Cisco router. Because, if the same ports (SIP and RTP) are used by multiple VOIP devices in your network, then you might end up with problems. Also, if the router thinks that a port is being used then it will map it to a different global port. I have a Cisco router and used to have the firewall turned on. But it became hard to handle over time, to maintain the ACLs.

I do have a complete understanding of how the NAT'ing, PAT'ing and routing works, and what normal ports are used for VOIP. I do not have any problems with my connections today. I understand people like to debate firewall, router, port forwarding, etc. But that is not the point of my thread.

But as I stated, I don't have questions on how it works or whatever. My voip communications work great. I just wanted a list of IP's used by VOIPO and the ports used by VOIPO from someone at VOIPO.


Thanks for all the comments and suggestions.

sr98user
03-18-2009, 07:09 AM
Nothing personal. Just wanted to make sure you are aware of all the issues.

Keep an eye on the "logging". That will tell you which packets get rejected and you can update your ACL as needed.
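
Added example (not part of any post in this thread): one way to act on the logging advice above is to sort the firewall's deny messages by whether they hit the SIP/RTP ports and whether the source is one of the provider addresses quoted earlier in the thread. It assumes Cisco ASA 106023-style deny lines; the sample lines, the inside address 192.168.1.50, the ACL name and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Addresses and ports quoted in this thread (support ticket, PAP2T defaults).
PROVIDER_NETS = [ipaddress.ip_network(n) for n in
                 ("74.52.58.50/32", "208.101.11.251/32", "174.132.131.0/24")]
SIP_PORTS = range(5060, 5063)      # 5060-5062
RTP_PORTS = range(16384, 16483)    # 16384-16482

# Assumed log shape: Cisco ASA message 106023 (packet denied by an ACL).
DENY_RE = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/\d+ "
    r"dst \w+:[\d.]+/(?P<dport>\d+)")

# Constructed sample lines, not captured from a real device.
SAMPLE_LOG = """\
%ASA-4-106023: Deny udp src outside:74.52.58.50/5060 dst inside:192.168.1.50/5061 by access-group "outside_in"
%ASA-4-106023: Deny udp src outside:74.52.58.50/5060 dst inside:192.168.1.50/5061 by access-group "outside_in"
%ASA-4-106023: Deny udp src outside:174.132.131.40/5060 dst inside:192.168.1.50/5060 by access-group "outside_in"
%ASA-4-106023: Deny udp src outside:203.0.113.9/40112 dst inside:192.168.1.50/16390 by access-group "outside_in"
%ASA-4-106023: Deny tcp src outside:198.51.100.23/51515 dst inside:192.168.1.50/23 by access-group "outside_in"
%ASA-6-302015: Built inbound UDP connection 1 for outside:74.52.58.50/5060
"""

def classify(line):
    """Return (verdict, source, service) for a deny line, else None."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    src = ipaddress.ip_address(m["src"])
    dport = int(m["dport"])
    service = ("sip" if dport in SIP_PORTS else
               "rtp" if dport in RTP_PORTS else "other")
    if service == "other":
        verdict = "ignore"            # not VoIP traffic, the deny is doing its job
    elif any(src in net for net in PROVIDER_NETS):
        verdict = "review-acl"        # listed provider address blocked on a VoIP port
    else:
        verdict = "unknown-source"    # could be a media gateway; check before allowing
    return verdict, str(src), service

def summarize(log_text):
    """Count deny lines per (verdict, source, service)."""
    return Counter(r for r in map(classify, log_text.splitlines()) if r)

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```
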

Xponder1
03-18-2009, 02:35 PM
As a test a few days ago I disabled port forwarding to my PAP2 and have not had any issues. Setup is PAP2 -> Linksys WRT54GS (DD-WRT) -> AT&T 2-wire -> World

No problems with in or outgoing calls. Call quality is fine. Unless you're running a freaking Cisco router you probably do not need to forward anything. More complex routers like a Cisco that control everything in/out of the router would be a different story.

voipinit
03-18-2009, 02:59 PM
Configure a NAT firewall and use a STUN server. If you are provisioned you already are using one and you shouldn't need to forward ports (albeit sometimes a good idea to anyway depending on your setup).

scott2020
03-18-2009, 03:43 PM
I noticed something interesting on my setup. I run Tomato, and have always had ports 5060-5080 forwarded along with some RTP ports but not all of the 35000-65000 range. Last night I decided to stop the port forwarding to see what happened.

My audio used to be redirected to a closer media gateway from Level3 for inbound calls. Now audio is proxied through zeus.voipwelcome.com and I don't see any of the Level3 addresses connecting. I also don't see any other VOIPo machines like central01, east01, and so on. Outbound calls are now also being sent via zeus. When I forwarded ports, my outbound calls were handed off to another media gateway.

I guess long story short, port forwarding changed my audio paths drastically. Non-port forwarding sends all of my audio through the zeus server at the 74.52 address at ThePlanet.

Scott

dswartz
03-18-2009, 09:43 PM
weird, that makes no sense!

christcorp
03-18-2009, 10:12 PM
sr98user; just to clarify in case you didn't say it correctly. There are no conflicts if 2, 3, 4, or 20 voip adapters are using the same port. Why? Because they can't be using the same port unless they are using the same IP address. I.e. one voip adapter 192.168.1.100 using port 10001 for RTP traffic is not using the same port as a 2nd voip adapter at 192.168.1.101 using port 10001. It may seem like they are using the same port, but they aren't. A port is a window in a house. You and I may have bought the same exact windows at Home Depot; but we have DIFFERENT addresses.

The only way port conflicts could come into play would be if using the Public IP address from your ISP; and you forward a port to more than one device. I.e. Any device, server, etc... that has a web interface, usually defaults to port :80. That's why when you get into your router, you don't have to put the :80 for the port. Now; if you have a router, voip adapter, web server, etc... and they all use port :80; then forwarding from the outside world can get tricky. It can definitely be done, but that is usually where a port conflict would come in. But in the voip world, the SIP is talking to your voip adapter to ring it and such, let's say on port :5060. You can have 5 voip adapters and ALL of their sip ports can be :5060. There isn't a conflict because each adapter has a different IP address. Same with the RTP traffic. later.... mike.....

sr98user
03-19-2009, 04:49 AM
christcorp,

You are correct. If two ATAs behind your router are using port 5060, then your router maps one of the ATAs to something different than 5060 on the public side. But on the way in, if the data is sent to the correct public port, it will reach the correct ATA.

Like you said, if you are doing port forwarding, you should be aware of this. Since the OP was using the term "PAT" (port address translation, which is what we all have and not NAT), I think the OP is familiar with what they are doing.

Also, when you use multiple ATAs, since the port numbers could be different on the public side, in many cases you probably need to enable STUN. STUN will figure out the correct public IP and port and use that in the SIP messages. Sometimes the routers might change the IP/port in the SIP messages (I think that is what ALG does). I think that's the reason some combinations of routers/ALG/STUN don't work well.