 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] nat source port randomization and VOIP
 Date:  Tue, 9 Sep 2008 18:29:05 -0400
On Tue, Sep 9, 2008 at 10:22 AM, Sterling Windmill
<sterling dot windmill at custdata dot com> wrote:
> Since I upgraded my home m0n0wall (running on ALIX) router to 1.3b14, I am experiencing an issue
> with my VOIP provider (Via Talk) that I am assuming is a side effect of the newly added nat source
> port randomization.
> My calls get placed or are received, but I cannot hear the remote caller once the call is
> I have worked around this problem temporarily by assigning a static IP to the VOIP device in a 1:1
> NAT configuration, but I imagine I am in the minority for having an extra IP available for this
> Is it possible to selectively turn off source port randomization for certain IPs? Is my VOIP
> provider doing something it shouldn't be? Any thoughts?

This is a common problem with SIP and occasionally other VoIP; source
port rewriting will commonly break it completely or partially.

pfSense disables source port rewriting for UDP 5060 traffic by default
for this reason, and has a "static port" option in Advanced Outbound
NAT which also allows you to disable this behavior for any other
traffic you desire. I don't have a 1.3b14 box handy at the moment, but
you might want to check if something similar exists in AON in that
version. If not, it probably should. There are a number of other
applications this will break; some online games are a common one I've
heard of.