jml
newbie
Topic Author
Posts: 39
Joined: Wed May 15, 2013 3:22 am

RouterOS 6.11 - dropping UDP flows?

Wed Jul 23, 2014 6:06 am

Hi,
I have a RB2011 running 6.11 with a very simple routing setup.
On this network there are VoIP phones, all of which work fine, except for a new phone which was just recently added.
I've traced the problem to the Mikrotik router not forwarding the UDP packets from the phone (it will forward maybe 1 in 100 or 200).
Using the packet sniffer, I see the UDP arrive on ether1 and it should be leaving on ether5, but it never makes it:

247 263.021 ether1... xxx.xxx.xxx.2:51748 yyy.yyy.yyy.3:5060 (sip) udp 643
248 266.893 ether1... xxx.xxx.xxx.2:51749 yyy.yyy.yyy.3:5060 (sip) udp 744
249 267.042 ether1... xxx.xxx.xxx.2:51750 yyy.yyy.yyy.3:5060 (sip) udp 643
250 270.882 ether1... xxx.xxx.xxx.2:51751 yyy.yyy.yyy.3:5060 (sip) udp 744
251 271.03 ether1... xxx.xxx.xxx:51752 yyy.yyy.yyy:5060 (sip) udp 643
252 274.87 ether1... xxx.xxx.xxx:51753 yyy.yyy.yyy.3:5060 (sip) udp 744

And for whatever reason, occasionally, one will be forwarded properly:

334 402.885 ether1... xxx.xxx.xxx.2:51851 yyy.yyy.yyy.3:5060 (sip) udp 744
335 402.885 ether5 xxx.xxx.xxx.2:51851 yyy.yyy.yyy.3:5060 (sip) udp 744

I don't have any firewall rules that would affect these packets:

> /ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=accept protocol=tcp src-address=zzz.zzz.zzz.0/22 dst-port=21-23

1 chain=input action=drop protocol=tcp dst-port=21-23

2 X chain=forward action=log protocol=udp src-address=xxx.xxx.xxx.2 dst-address=yyy.yyy.yyy.3 out-interface=ether5 log-prefix=""

> /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic

> /ip route print
0 A S 0.0.0.0/0 xxx.xxx.xxx.57 1

> /ip addresses print
10 xxx.xxx.xxx.58/30 xxx.xxx.xxx.56 ether5

Any ideas?

Thanks.
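
The ingress/egress comparison described in the post above can be automated for a long capture. This is an added example, not part of the original post or of RouterOS: it parses sniffer lines in the format quoted above and lists packets seen on ether1 with no matching copy on ether5. The function names and the 50 ms matching window are assumptions, and the sample lines are constructed from the format shown in the post.

```python
import re
from collections import defaultdict

# Constructed sample, in the format of the sniffer output quoted in the post.
SAMPLE = """\
247 263.021 ether1... xxx.xxx.xxx.2:51748 yyy.yyy.yyy.3:5060 (sip) udp 643
248 266.893 ether1... xxx.xxx.xxx.2:51749 yyy.yyy.yyy.3:5060 (sip) udp 744
334 402.885 ether1... xxx.xxx.xxx.2:51851 yyy.yyy.yyy.3:5060 (sip) udp 744
335 402.885 ether5 xxx.xxx.xxx.2:51851 yyy.yyy.yyy.3:5060 (sip) udp 744
"""

# seq, time, interface (may be truncated with "..."), src, dst, optional "(service)", proto, size
LINE = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?P<time>\d+(?:\.\d+)?)\s+(?P<iface>[\w-]+?)\.*\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+(?:\(\S+\)\s+)?(?P<proto>\w+)\s+(?P<size>\d+)\s*$"
)

def parse(text):
    packets = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # lines that are not sniffer rows are skipped
            p = m.groupdict()
            p["seq"], p["time"], p["size"] = int(p["seq"]), float(p["time"]), int(p["size"])
            packets.append(p)
    return packets

def flow_key(p):
    return (p["src"], p["dst"], p["proto"], p["size"])

def unforwarded(packets, ingress="ether1", egress="ether5", window=0.05):
    """Ingress packets with no identical packet on egress within `window` seconds."""
    egress_times = defaultdict(list)
    for p in packets:
        if p["iface"] == egress:
            egress_times[flow_key(p)].append(p["time"])
    missing = []
    for p in (q for q in packets if q["iface"] == ingress):
        times = egress_times[flow_key(p)]
        hit = next((t for t in times if 0 <= t - p["time"] <= window), None)
        if hit is None:
            missing.append(p)
        else:
            times.remove(hit)  # each egress copy accounts for one ingress packet
    return missing

if __name__ == "__main__":
    print([p["seq"] for p in unforwarded(parse(SAMPLE))])
```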
 
rextended
Forum Guru
Posts: 2946
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: RouterOS 6.11 - dropping UDP flows?

Wed Jul 23, 2014 8:53 am

Are the phones exactly the same model, with exactly the same firmware, the same provider and the same config? (Obviously except username and password.)

Under firewall / service ports, is SIP active? On what port?
Try changing the default inbound port (not the exit port to the provider) to 5061 and make a new NAT rule like:

dst-nat
dst-address=public ip
dst-port=5061
to address=ip of ip phone
to port=5061
I'm Italian, not English. Sorry for my imperfect grammar.
 
jml
newbie
Topic Author
Posts: 39
Joined: Wed May 15, 2013 3:22 am

Re: RouterOS 6.11 - dropping UDP flows?

Wed Jul 23, 2014 2:43 pm

This is actually a new Cisco 7942 phone (we typically use the 5xx series).
I cannot control the outbound high ports (50000+). The phone automatically uses those ports.
 
jml
newbie
Topic Author
Posts: 39
Joined: Wed May 15, 2013 3:22 am

Re: RouterOS 6.11 - dropping UDP flows?

Wed Jul 23, 2014 2:52 pm

It appears as though the Mikrotik does not like high UDP ports (50000+)...
If I src-nat the ports down to the 10000-20000 range, it seems to pass the traffic ok.

WTF!
 
rextended
Forum Guru
Posts: 2946
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: RouterOS 6.11 - dropping UDP flows?

Wed Jul 23, 2014 3:55 pm

Ports 32768 to 65535 are used for NAT.

It is not a MikroTik problem.
I'm Italian, not English. Sorry for my imperfect grammar.
 
jml
newbie
Topic Author
Posts: 39
Joined: Wed May 15, 2013 3:22 am

Re: RouterOS 6.11 - dropping UDP flows?

Wed Jul 23, 2014 4:27 pm

What do you mean ports 32768-65535 are "used for NAT"?
What if I have traffic that comes across the Mikrotik on those ports? It just dumps it?
Normally I do not have NAT running (there were no NAT rules installed before I tried the src-nat rule - this is a building router and does not NAT).

-- James
 
rextended
Forum Guru
Posts: 2946
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: RouterOS 6.11 - dropping UDP flows?

Wed Jul 23, 2014 5:38 pm

Are you sure your provider accepts that range? As I mentioned above, usually 32768 to 65535 are used by NAT, and software usually does not accept sending NEW connections on those ports...
I'm Italian, not English. Sorry for my imperfect grammar.
 
jml
newbie
Topic Author
Posts: 39
Joined: Wed May 15, 2013 3:22 am

Re: RouterOS 6.11 - dropping UDP flows?

Wed Jul 23, 2014 5:41 pm

Cisco 79xx phones now send outbound packets from 50000+ for "extra security".
Since I'm the VoIP provider, yes I do accept SIP packets coming from those ports :)

But the fact of the matter is, the Mikrotik shouldn't care that the packets originate from ports 50000+ unless I tell it to care.
 
jml
newbie
Topic Author
Posts: 39
Joined: Wed May 15, 2013 3:22 am

Re: RouterOS 6.11 - dropping UDP flows?

Wed Jul 23, 2014 9:04 pm

Apparently it has something to do with the Mikrotik SIP helper. Disabling it allowed the packets to flow.
Does anyone know what the SIP Helper is actually doing?
