[ previous ] [ next ] [ threads ]
 From:  Adrian Basescu <adrianeli at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  DMZ problem with Grandstream VoIP devices
 Date:  Sun, 3 Apr 2005 11:15:49 -0400
I have the following problem with a m0n0wall DMZ and the effect is the
same on all versions I have tried, from 1.1 to 1.2b7.

I have m0n0wall with 3 interfaces, WAN, LAN and DMZ(OPT1).

I have several Grandstream VoIP devices which I would like to  put all
on the DMZ subnet.
But I can put ONLY one, since any others do not authenticate to their 
SIP servers on the internet.

If I leave only one VoIP device on the DMZ, it works, but here is
another weird problem. It cannot take NTP time from the Internet. Once
I have configured it to take NTP time from a server on the LAN subnet,
it is fine.

If I place the other VoIP devices on the LAN, they work fine and they
authenticate OK to their SIP servers.

There are no log entries that show access denied to/from port 123
(NTP) or to/from 5060 (SIP)
or to/from the IP addresses of the VoIP devices.
I see no reason why the DMZ subnet does not work the same way as the LAN subnet.

Adrian Basescu,