I have the rb750 running license level 4 for one of my customers. We also have VoIP
telephony running in the network. In order to allow VoIP phone calls from outside, we
need to open ports 5060, 5061 and 5080 and forward them to the SIP server. This is to
be done of course in NAT. But when we try to do this, SIP protocol is not listed among
the protocols available. We have tried udp and tcp. None of them worked.
I want to know if this is a license level problem or if RouterOS does not support SIP
protocols port forwarding generally.
If it is a license issue, can the level 4 license that comes bundled with the rb750 be
upgraded or replaced with the level 5 or 6?
…
I don’t think that’s a license thing. Licenses usually limit how many PPPoE connections, etc.
The protocol field you’re talking about is “layer 4 protocol”: things like udp, tcp, ipip, gre. SIP is a higher layer protocol, so you don’t match SIP there.
SIP through NAT can be very tricky indeed, especially if it’s the server that is behind NAT.
You should probably go under Service Ports and disable SIP there.
(If the SIP server has NAT-traversal features, you don’t want the Mikrotik trying to doctor the SIP messages also)
I know it sounds backwards, but that’s usually what worked best for us at a telco provider where I used to work.
P.S. - You’re almost certainly going to need to set up a range of UDP ports for the phones to use for the RTP sessions also - the SIP server often has configurations to limit RTP to a certain range of ports, or the documentation provides a list of the ports it will use for RTP. Whatever the case, you should forward that range of ports to the SIP server also.
It would seem like this is a peculiar issue with RouterOS. I have only experienced this with it. Even on standard wifi routers that you will typically deploy in your home network, it’s a simple thing to do.
Your workaround is very insightful and useful and I will try it. Let’s see what other experiences some others may have had in this area.
Mikrotik is orders of magnitude more powerful and capable than most home routers, so the features can be confusing or intimidating to first-time users. (The controls of your car are not as complicated as the controls to a Boeing 747, right?)
FYI - that SIP service you disabled is what’s known as an ALG (application layer gateway) or protocol helper. Basically, when checked, the Mikrotik tries to modify the information in the payload of those services (FTP is a classic example) because simply manipulating the addresses in packet headers is not enough to make them work through NAT. If you have many problems, and you know you do not want to forward ports to any other inside host, you could just forward all ports to the SIP server. (Home wireless routers often call this a default host, or pass-through host.)
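
The setup discussed in this thread, written out as RouterOS commands. This is an added example, not part of any post above. The WAN interface `ether1`, the SIP server address `192.168.88.10`, the RTP range `10000-20000`, and the `sip-trusted` address list with its `203.0.113.0/24` entry are all assumptions to replace with your own values. The RTP range in particular must match what the SIP server is configured or documented to use.

```routeros
# Turn off the SIP helper (ALG) so RouterOS stops rewriting SIP payloads
# when the SIP server does its own NAT traversal.
/ip firewall service-port set sip disabled=yes

# Assumed: signalling sources with known addresses (provider, branch office).
# 203.0.113.0/24 is a documentation range used here as a placeholder.
/ip firewall address-list add list=sip-trusted address=203.0.113.0/24 \
    comment="SIP signalling peers (placeholder)"

# SIP is matched by its layer 4 protocol and port, not by name.
# Signalling over UDP on the three ports from the question:
/ip firewall nat add chain=dstnat in-interface=ether1 protocol=udp \
    dst-port=5060,5061,5080 src-address-list=sip-trusted \
    action=dst-nat to-addresses=192.168.88.10 comment="SIP signalling UDP"

# The same ports over TCP:
/ip firewall nat add chain=dstnat in-interface=ether1 protocol=tcp \
    dst-port=5060,5061,5080 src-address-list=sip-trusted \
    action=dst-nat to-addresses=192.168.88.10 comment="SIP signalling TCP"

# RTP media: forward only the UDP range the SIP server is limited to,
# instead of forwarding all ports to it.
/ip firewall nat add chain=dstnat in-interface=ether1 protocol=udp \
    dst-port=10000-20000 \
    action=dst-nat to-addresses=192.168.88.10 comment="RTP media range"

# If the filter forward chain drops by default, allow dst-natted traffic
# through to the server:
/ip firewall filter add chain=forward connection-nat-state=dstnat \
    dst-address=192.168.88.10 action=accept comment="Allow forwarded VoIP"
```

If remote phones connect from addresses you cannot list in advance, remove the `src-address-list` matcher from the signalling rules and rely on the SIP server's own authentication and rate limiting.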