 From:  Energy X <energyx at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 1.31 released
 Date:  Thu, 8 Apr 2010 20:53:27 -0400
I'm not sure what the exact problem was with 1.23, but I am now seeing an
issue with 1.31 and SIP/RTP. I have the Grandstream HT-502
ATA (192.168.50.112) behind m0n0wall with the following firewall/NAT
settings, per my provider:

NAT Rule:
WAN       UDP       5004 - 65000       192.168.50.112       5004 - 65000       VOIP UDP

Firewall Rule:
UDP       *       *       192.168.50.112       *       NAT VOIP UDP

The problem is that m0n0wall seems to assign random ports to the incoming
connections, and occasionally it will assign a port below 5004, which is
outside the NAT port range. A connection will come in on 5060 and m0n0wall
will use something like 2663 and the firewall blocks it since there is no
incoming NAT on that port for any internal addresses. Is there a way to
disable the random port translation? I would think m0n0wall would know it
set the port below the NAT rule and allow it through since the original
incoming request came in on an allowed port. Also, the connection being
blocked in the firewall log shows the original incoming port (usually 5060)
and the translated port (below 5004) with the WAN interface address and
deny.

Thanks
Chris

On Thu, Apr 1, 2010 at 2:45 PM, Reinaldo Garcia
<garcia dot reinaldo at gmail dot com> wrote:

> On Fri, Mar 19, 2010 at 10:44 AM, Energy X <energyx at gmail dot com> wrote:
> > Manuel,
> >  Thank you for this solid product. I recently had problems with a
> > Grandstream VOIP ATA while using v1.23. I upgraded to 1.3b7 then to 1.31
> > (per instructions) with no issue and the new version resolved my VOIP
> > problem. Thank you for all your hard work!
>
>    Energyx can you tell us what was your problem?
>
> >
> > Chris Scanlon
> >
> > On Sat, Mar 6, 2010 at 9:35 AM, Manuel Kasper <mk at neon1 dot net> wrote:
> >
> >> Hello,
> >>
> >> after numerous contributions from Andrew White, it is time for a new
> >> release. m0n0wall 1.31 is now available; here's a quick summary of the
> >> changes since 1.3:
> >>
> >> - various IPv6 improvements (in DNS forwarder, DHCPv6, AYIYA, etc.)
> >>
> >> - bridge "disable spoof check" option (for non-m0n0wall DHCP and multicast)
> >>
> >> - fans/temperature monitoring on status page for supported platforms
> >> (unfortunately Soekris/PC Engines not included)
> >>
> >> - fix for OpenSSL session renegotiation vulnerability (-> HTTPS webGUI)
> >>
> >> - patch to DHCP server daemon to reduce lease file growth
> >>
> >> Downloads and change log:
> >>
> >> http://m0n0.ch/wall/downloads.php
> >>
> >> Regards,
> >>
> >> Manuel
> >