 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  "Carsten Holbach" <Carsten dot Holbach at gmx dot de>, "Guido Quiram" <guido at quiram dot org>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Port still get's blocked while allowed by firewallrule
 Date:  Tue, 25 Apr 2006 11:08:59 +0200
That is not possible. NAT can't work that way (forwarding the same range of the same public IP to
different internal IPs). If your SIP provider offers a STUN server, try using this one. It should
help with NAT traversal without the need for port forwards or NATs.

If you only add a firewall rule without adding NAT, it won't work for internal IPs (unless you route
traffic, which you don't do and which is not possible with your setup).

Holger

> -----Original Message-----
> From: Guido Quiram [mailto:guido at quiram dot org]
> Sent: Tuesday, April 25, 2006 11:03 AM
> To: Carsten Holbach; m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Port still get's blocked while allowed by
> firewallrule
> 
> 
>  > Heya
>  >
>  > Did you set up incoming NAT for that?
> 
> Nope, I haven't, as I have various internal SIP clients that use the port
> range UDP 11000 to 11009. Therefore I cannot set up incoming NAT to only
> one internal client.
> 
> Basically I want to allow incoming UDP traffic on ports 11000 to 11009 to
> any internal device (maybe limiting it to a couple of external IP
> addresses of the VoIP providers).
> 
> Any idea? Thanks much so far and best regards, Guido
> 
> 
> 
> Guido Quiram wrote:
>  > Hi,
>  >
>  > sorry in case my prob has already been discussed a thousand
>  > times... I searched the archive, but can't find a direct solution.
>  >
>  > I have an active firewall rule allowing all UDP to come in from any
>  > IP and any port to reach the "LAN net" on ports 11000 - 11009 (RTP for
>  > VoIP).
>  >
>  > However, my log tells me the following was blocked:
>  > If  Source                      Destination     Proto
>  > WAN provideripaddress.ch:37490  myip.ch:11002      UDP
>  >
>  > What's wrong?
>  >
>  > Thanks much,
>  >
>  >
>  > Guido
> 
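
Added example, not part of the original thread or of m0n0wall's code: a simplified Python model of the behaviour Holger describes, assuming inbound NAT is applied before the filter rules and that the first matching port forward wins. All addresses and function names are constructed for illustration.

```python
# Simplified model of inbound WAN processing: NAT redirect first, then filter rules.
# All addresses are constructed sample values, not taken from the thread.
from ipaddress import ip_address, ip_network

WAN_IP = ip_address("203.0.113.5")       # constructed public address of the firewall
LAN_NET = ip_network("192.168.1.0/24")   # constructed "LAN net"
RTP_PORTS = range(11000, 11010)          # UDP 11000-11009, as in the thread


def filter_pass(dst_ip, dst_port):
    """The rule from the thread: pass UDP from any source to LAN net, ports 11000-11009."""
    return dst_ip in LAN_NET and dst_port in RTP_PORTS


def process_inbound(dst_ip, dst_port, port_forwards):
    """Return (verdict, final_dst_ip) for a UDP packet arriving on WAN.

    port_forwards is an ordered list of (port_range, internal_ip); first match wins
    (assumption of this model).
    """
    dst_ip = ip_address(dst_ip)
    for ports, internal_ip in port_forwards:
        if dst_ip == WAN_IP and dst_port in ports:
            dst_ip = ip_address(internal_ip)  # destination rewritten before filtering
            break
    verdict = "pass" if filter_pass(dst_ip, dst_port) else "block"
    return verdict, str(dst_ip)


def unreachable_forwards(port_forwards):
    """Internal IPs whose forward can never match because earlier ones cover all its ports."""
    claimed, shadowed = set(), []
    for ports, internal_ip in port_forwards:
        if set(ports) <= claimed:
            shadowed.append(internal_ip)
        claimed |= set(ports)
    return shadowed


if __name__ == "__main__":
    one = [(RTP_PORTS, "192.168.1.10")]
    two = one + [(RTP_PORTS, "192.168.1.11")]
    # Rule only, no NAT: the destination is still the WAN address, so the rule never matches.
    print("rule only     :", process_inbound("203.0.113.5", 11002, []))
    # One port forward: destination becomes a LAN address and the rule passes it.
    print("one forward   :", process_inbound("203.0.113.5", 11002, one))
    # Same range forwarded twice: the second internal client is never reached.
    print("two forwards  :", process_inbound("203.0.113.5", 11002, two))
    print("never matched :", unreachable_forwards(two))
```
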
