Community discussions

MikroTik App
 
spomata
just joined
Topic Author
Posts: 13
Joined: Thu Nov 24, 2022 11:05 am

Differentiated UDP tracking timeout in firewall for VoIP

Mon Jan 30, 2023 4:36 pm

Hi all,

At my office I successfully replaced our provider's router with a hex S. I managed to port also the VoIP service, but the IP phone they provided us works by sending keepalive approximately every 10 minutes, hence a smaller UDP timeout in the NAT tracking would render inbound calls impossible.

Effectively, I managed to inspect the previous router's config and the timeout for NAT UDP connection tracking was set to 11 minutes.

I have changed the default setting in RouterOS for UDP stream timeout and the phone works fine, however I was wondering if there was a finer-grained setting that could apply a different timeout based on LAN IP/VLAN (I have the feeling the previous router could do this based on reverse-engineering the config). I wouldn't like to change such a setting from the default of 3 mins. to 11 and having the connection table grow hugely in size as a consequence.

Also, what could be a different approach? DST-NAT on the SIP port towards the LAN phone IP, but that would mean dedicating port 5060 exclusively to that phone and preventing the possibility of, for example, using a softphone on a different host?

Thank you

Who is online

Users browsing this forum: Google [Bot], GoogleOther [Bot] and 79 guests