Hi I am trying to forward the ports for my VOIP Adapter but it does not seem to be working.
The Ports I am trying to forward to my VOIP Adapter (192.168.88.3)
Local SIP port: 5060
Local RTP port: 10002
I printed out my current filter rules.
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade out-interface=sfp1-gateway
1 ;;; default configuration
chain=srcnat action=masquerade out-interface=ether1-gateway
2 chain=dstnat action=dst-nat to-addresses=192.168.88.50 to-ports=24430 protocol=tcp dst-port=24430
3 chain=dstnat action=dst-nat to-addresses=192.168.88.50 to-ports=24430 protocol=udp dst-port=24430
4 chain=dstnat action=dst-nat to-addresses=192.168.88.3 to-ports=5060 protocol=udp dst-port=5060
5 chain=dstnat action=dst-nat to-addresses=192.168.88.3 to-ports=10002 protocol=udp dst-port=10002
I see some packets move on 5060 but my device in not registering to voip.ms
My VOIP Adapter is a Grandstream HT702
Any help would be greatly appreciated.
Thank you,
Raymond
Re: Port forwording for VOIP Adapter
What about your firewall rules? These are your nat rules but you must accept those ports in the input filter as well.
Re: Port forwording for VOIP Adapter
I tried to add input rules to the firewall but it is still not establishing link. I turned off the SIP helper in the Service Port tab. because i read it gives more problems than it helps.
My print out of filter rules
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=accept protocol=udp dst-port=5060
1 chain=input action=accept protocol=udp dst-port=10000-10005
2 ;;; default configuration
chain=input action=accept protocol=icmp
3 ;;; default configuration
chain=input action=accept connection-state=established
4 ;;; default configuration
chain=input action=accept connection-state=related
5 ;;; default configuration
chain=input action=drop in-interface=sfp1-gateway
6 ;;; default configuration
chain=input action=drop in-interface=ether1-gateway
7 ;;; default configuration
chain=forward action=accept connection-state=established
8 ;;; default configuration
chain=forward action=accept connection-state=related
9 ;;; default configuration
chain=forward action=drop connection-state=invalid
10 X ;;; Steven
chain=forward action=drop src-address=192.168.88.60-192.168.88.69 packet-mark=""
And once again my NAT rules = "I added a range for my RTP port"
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade out-interface=sfp1-gateway
1 ;;; default configuration
chain=srcnat action=masquerade out-interface=ether1-gateway
2 chain=dstnat action=dst-nat to-addresses=192.168.88.3 to-ports=5060 protocol=udp dst-port=5060
3 chain=dstnat action=dst-nat to-addresses=192.168.88.3 to-ports=10000-10005 protocol=udp dst-port=10000-10005
4 chain=dstnat action=dst-nat to-addresses=192.168.88.50 to-ports=24430 protocol=tcp dst-port=24430
5 chain=dstnat action=dst-nat to-addresses=192.168.88.50 to-ports=24430 protocol=udp dst-port=24430
My ATA is configured correctly, and works when used with my ASUS Rt-N16 running tomato.
My ATA is able to communicae to NTP servers and is resolving my VOIP provider IP address when connected to the Mikrotik.
Thank you,
Raymond
My print out of filter rules
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=accept protocol=udp dst-port=5060
1 chain=input action=accept protocol=udp dst-port=10000-10005
2 ;;; default configuration
chain=input action=accept protocol=icmp
3 ;;; default configuration
chain=input action=accept connection-state=established
4 ;;; default configuration
chain=input action=accept connection-state=related
5 ;;; default configuration
chain=input action=drop in-interface=sfp1-gateway
6 ;;; default configuration
chain=input action=drop in-interface=ether1-gateway
7 ;;; default configuration
chain=forward action=accept connection-state=established
8 ;;; default configuration
chain=forward action=accept connection-state=related
9 ;;; default configuration
chain=forward action=drop connection-state=invalid
10 X ;;; Steven
chain=forward action=drop src-address=192.168.88.60-192.168.88.69 packet-mark=""
And once again my NAT rules = "I added a range for my RTP port"
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade out-interface=sfp1-gateway
1 ;;; default configuration
chain=srcnat action=masquerade out-interface=ether1-gateway
2 chain=dstnat action=dst-nat to-addresses=192.168.88.3 to-ports=5060 protocol=udp dst-port=5060
3 chain=dstnat action=dst-nat to-addresses=192.168.88.3 to-ports=10000-10005 protocol=udp dst-port=10000-10005
4 chain=dstnat action=dst-nat to-addresses=192.168.88.50 to-ports=24430 protocol=tcp dst-port=24430
5 chain=dstnat action=dst-nat to-addresses=192.168.88.50 to-ports=24430 protocol=udp dst-port=24430
My ATA is configured correctly, and works when used with my ASUS Rt-N16 running tomato.
My ATA is able to communicae to NTP servers and is resolving my VOIP provider IP address when connected to the Mikrotik.
Thank you,
Raymond
Re: Port forwording for VOIP Adapter
What is the setup you are trying to fix? Do you simply have your ATA behind a Mikrotik going to a provider? If so, you don't need to open up any ports. If your masquerade is working and you have the sip service turned off, make sure your ATA is setup for NAT and it should work fine WITHOUT any ports opened on the firewall since the registration is being started from behind the masquerade. I think your problem is with the ATA not being setup for NAT.
If you want to test this, disable ALL of your firewall rules for a minute so there is no firewall but leave masquerade turned on. If you still can't register it is not the Mikrotik.
If you want to test this, disable ALL of your firewall rules for a minute so there is no firewall but leave masquerade turned on. If you still can't register it is not the Mikrotik.