"Port Forwarding" vs "Port Range Forwarding"
I believe James may have helped me identify an intermittent problem with my router configuration. I wanted to share the details in case someone else may have made the same boneheaded error as me.
I mistakenly chose the Linksys router's "Port Forwarding" tab to set up ports 5060-5080 and 35000-65000. "Port Forwarding" and "Port Range Forwarding" both had the "from" and "to" fields to enter the port numbers. Port Range Forwarding is the way to go.
I hope this will probably correct some of my intermittent one way audio drops and fast busy connections.
Thanks Voipo support!
Re: "Port Forwarding" vs "Port Range Forwarding"
May I ask why port forwarding was turned on? Was something not working, and that was the reason you turned on port forwarding?
I only ask because I have not used port forwarding in my setup.
Thanks in advance ;-)
Re: "Port Forwarding" vs "Port Range Forwarding"
Quote:
Originally Posted by
statustray
May I ask why port forwarding was turned on? Was something not working, and that was the reason you turned on port forwarding?
I only ask because I have not used port forwarding in my setup.
Thanks in advance ;-)
I've seen multiple posts about this topic. Some say they don't need it, some do. The helpdesk recommended I turn it on. You can search this forum with "port forwarding" and get a couple of pages to browse. Here's one of the better discussions..
http://forums.voipo.com/showthread.p...ort+forwarding
I'll let others with a better technical background respond.
Re: "Port Forwarding" vs "Port Range Forwarding"
We find the vast majority of issues related to one way (or no way) audio as well as other connectivity problems to be NAT related. As such, we strongly suggest applying port forwarding (UDP/TCP) as a solution.
Think of the port range 5060 - 5080 as the 'control range,' whereby the adapter communicates back and forth with VOIPo's data centers, providing instructions on how to handle the call.
Separated from this control functionality is the audio stream (RTP), which connects on a randomized port between the range of 35000 - 65000. One key point to consider is that incoming audio is often proxied from different locations throughout the country, depending on the incoming audio's origination and geography.
Because of this separation in call handling and call audio, it is not uncommon for an incoming audio stream to reach the adapter from a completely different (and previously unseen) IP address. Occasionally, some hardware firewalls and SPI filter algorithms (erroneously) detect this incoming data as illegitimate, and block or otherwise prevent/manipulate it from reaching the adapter in tact.
Re: "Port Forwarding" vs "Port Range Forwarding"
I have a two part question:
1. Would putting a PAP2T in a DMZ solve this?
2. Is putting the PAP2T in a DMZ a bad idea? If so, why?
Thanks,
-Craig
Re: "Port Forwarding" vs "Port Range Forwarding"
I have a question as well.
Those ports 35000-65000 cover a large range.
For example, DROPBOX (www.dropbox.com), a new and very popular service as well as MOZY (www.mozy.com) which is an online system backup provider use some ports in that range for their tunnel as do a lot of other services.
When Voipo tech support was looking at my system trying to resolve some issues we removed the ports used by MOZY and DROPBOX from my Fios router. Needless to say I can't use those services at present and I am wary about reinstalling them.
Does VOIPO really need that wide range of ports or ALL the ports in that range?
Re: "Port Forwarding" vs "Port Range Forwarding"
Quote:
Originally Posted by
ctaranto
1. Would putting a PAP2T in a DMZ solve this?
2. Is putting the PAP2T in a DMZ a bad idea? If so, why?
We tend to find that DMZ is a bit ambiguous pending on the manufacture and security implementation.
Theoretically DMZ would act as a demilitarized zone within ones network. Basically a wide open connection or pin hole into one device (server, dns, email, VOIP line, etc, etc) within a network.
More and more often we find that even when placing a device in DMZ network traffic can still be manipulated, misdirected, or blocked by hard-coded security feature or certain functionality by a Firewall / NAT setting in place.
Unless using for testing purposes, DMZ is not recommended to use with our VOIP lines. Functionality differs between router manufactures, and it's not a good practice to open a permanent hole in ones network.
We recommend specifying only the port ranges we utilize and having this forwarded to either a Statically assigned or Reserved IP address for our adapter.
Ports:
5060-5080 (udp/tcp) used for signaling to and from our servers to relay call information
35000-65000 (udp only) used for random assignment of RTP or audio stream
Quote:
Originally Posted by
MisterEd
Does VOIPO really need that wide range of ports or ALL the ports in that range?
Yes and no Ed, it is randomly assigned and differs between each call. So though the entire range is 30,000 ports only one port is actually in use at a time. If you need a port or range of ports within this allotment simply specify the rule again. There's a 1 in 30,000 chance it's an issue :)
Re: "Port Forwarding" vs "Port Range Forwarding"
It is nice that VOIPo works with the customers to some extent, because officially the ATA normally has a router, and is not meant to be behind a different router.
I am guilty of preferring my own choice in router and using the PAP2T.
I do think it was smart money for VOIPo to primarily use the RT31P2 that has a built in router with 3 LAN ports. This allows an if all else fails approach that lets you continue to operate your computers while troubleshooting. A reasonable expectation for a Residential Plan.
Re: "Port Forwarding" vs "Port Range Forwarding"
James,
I understand VOIPo sets the RTP port range to 16384-16482 on the PAP2. This is on the LAN side. When the packet goes out, on the public side some routers may translate the port to a different port number. On my router, the ports stays the same on the public side, unless that port is used by some other node in my LAN.
So, the incoming RTP packets to my router, will have a port range of 16384-16482. Even if I forward ports (which I don't now and I am running fine), I would have to use this range instead of 35000-65000.
Do you usually see the RTP source port on the public side of the PAP2 in the 35000-65000? Just asking out of curiosity.
Re: "Port Forwarding" vs "Port Range Forwarding"
Quote:
Originally Posted by
VOIPoJames
...it is randomly assigned and differs between each call. So though the entire range is 30,000 ports only one port is actually in use at a time...
Why is it randomly assigned? For security purposes? Would it be possible to narrow this down to maybe a several hundred ports range, so we can minimize the number of ports we forward?
Re: "Port Forwarding" vs "Port Range Forwarding"
Quote:
Originally Posted by
abward
Why is it randomly assigned? For security purposes? Would it be possible to narrow this down to maybe a several hundred ports range, so we can minimize the number of ports we forward?
Most of the audio streams are directly from remote media gateways and don't pass through us so most is out of our control.
Re: "Port Forwarding" vs "Port Range Forwarding"
Quote:
Originally Posted by
VOIPoJustin
We find the vast majority of issues related to one way (or no way) audio as well as other connectivity problems to be NAT related. As such, we strongly suggest applying port forwarding (UDP/TCP) as a solution.
Think of the port range 5060 - 5080 as the 'control range,' whereby the adapter communicates back and forth with VOIPo's data centers, providing instructions on how to handle the call.
Separated from this control functionality is the audio stream (RTP), which connects on a randomized port between the range of 35000 - 65000. One key point to consider is that incoming audio is often proxied from different locations throughout the country, depending on the incoming audio's origination and geography.
Because of this separation in call handling and call audio, it is not uncommon for an incoming audio stream to reach the adapter from a completely different (and previously unseen) IP address. Occasionally, some hardware firewalls and SPI filter algorithms (erroneously) detect this incoming data as illegitimate, and block or otherwise prevent/manipulate it from reaching the adapter in tact.
What if one has more than one adapter?
Re: "Port Forwarding" vs "Port Range Forwarding"
Quote:
Originally Posted by
statustray
What if one has more than one adapter?
I don't think he's saying that everyone should forward all these ports, but if you are having problems, this is the quickest way to fix it. I was having some problems, but I have at least three other adapters running on my network, not counting soft phones. I forwarded a smaller range of ports, and reduced that further once it was clear that the problems had diminished to an acceptable level. I still get the occasional dropped call, but it's hard to know whether this is caused by my network, cell phone reception at the other end, someone's ear hitting the "end" button, or what. It's fairly infrequent.
Re: "Port Forwarding" vs "Port Range Forwarding"
Quote:
Originally Posted by
caseydoug
I don't think he's saying that everyone should forward all these ports, but if you are having problems, this is the quickest way to fix it. I was having some problems, but I have at least three other adapters running on my network, not counting soft phones. I forwarded a smaller range of ports, and reduced that further once it was clear that the problems had diminished to an acceptable level. I still get the occasional dropped call, but it's hard to know whether this is caused by my network, cell phone reception at the other end, someone's ear hitting the "end" button, or what. It's fairly infrequent.
Yes, I have more than one adapter too- thru different providers. I have been with VoicePulse for years now, and with VoiPO for a year. I even switched my landline (AT&T), over to Comcast several months ago as they had a special of $19.99 per month for the first 12 months. Why didn't I switch that line to Voipo? I figured Comcast because they have free calling to Puerto Rico, Virgin Islands, and a few others places which I call quite regularly.
I have had some issues with Voipo's call waiting, and am have been sent a RPT but haven't received it yet. I do like how quickly Voipo responds to trouble tickets, and their overall feature set!
I was just trying to be sure that under normal circumstances, having multiple adapters wouldn't ordinarily cause a problem.
Thanks for the clarification ;-)
Re: "Port Forwarding" vs "Port Range Forwarding"
In addition to the PAP2 from VOIPo, I have another PAP2 from NextAlarm, and a couple of old Azacall/UTStarcom adapters from Lingo that I use for fooling around with other services (Google Voice, SipSorcery, Callcentric, IPKall, etc.). Some of these setups require that I be able to reach the adapter directly from another adapter -- i.e., without a SIP proxy in between. These direct connections could not be made without port forwarding, since an external caller needs to be directed to the appropriate device. However, several people have reported using multiple adapters without any port forwarding at all, with no problems. YMMV.
