With Recent Changes; What Ports and Ip addresses should be open to the Pap2t Adapters

[eagle 1]

With all the Recent Changes; What Ports and Ip addresses should be open to the Pap2t Adapters.

I was given the following ports and Ip address in a support ticket in the past.

The RTP ports that need forwarding as well as the standard VOIPo ports are: 5004, 5012, 5060, 5061, 5062, 5079 and 35000-65000 (TCP and UDP).

The only IP your device should be communicating to is: 74.52.58.50 (sip.voipwelcome.com) and 208.101.11.251 (voicemail server). The other servers shouldnt be connecting to/from you. However it wouldn't hurt also enabling 174.132.131.* (i/o routing)."

Now that there are new database servers, other sip servers

east01, central01, central02 and sip.voipwelcome

What ports and IP addresses are voipo addresses?

[christcorp]

why are you forwarding ports? The only time ports should need forwarding is if you have a very tight firewall. Giving your adapter can sometimes be useful if your network has a lot of devices on it. But if you have to forward ports to get it to work, you've got issues with your network.

[usa2k]

Yes, needing port forwarding is likely a router/firewall issue, or the registration is not happening often enough to keep the SPI window open so VOIPo can ring the phone. (Failure to ring to one of 5060-5080)

This thread link endorsed port forwarding with even Nitzan buying into it.
http://www.dslreports.com/forum/r220...for-prime-time

They talked 35000-65000 forwarding. That would be the voice streams, and that seems a desperate measure. That ... firewall issues? A more rare need, and I will not speculate cause/effect.

A simple network, with decent router - not needed.

[eagle 1]

why are you forwarding ports? The only time ports should need forwarding is if you have a very tight firewall. Giving your adapter can sometimes be useful if your network has a lot of devices on it. But if you have to forward ports to get it to work, you've got issues with your network.

Yes, I do forward ports and only allow specific ip's to those ports due to my home network setup. I currently have 5 servers, (4 windows server 2008 and 1 linux server), Several Ip cameras, and multiple desktops/laptops.

I am using a cisco asa 5510 as my firewall and a cisco (not linksys) router. And as you say, forwarding ports means you've got issues with your network. I disagree, my network does not have issues due to using a real firewall and router. My internet provider does not block any ports and provides all access to the internet, so there are often bots and hackers attempting to enter or block traffic. I also have several devices using the same ip, sip and/or voip ports, which requires forwarding the traffic to the correct device.

I would agree many home setups do not need a real router or port forwarding, but in my case it is needed.


So again, I ask

Now that there are new database servers, other sip servers

east01, central01, central02 and sip.voipwelcome

What ports and IP addresses are voipo addresses?

[sr98user]

Regarding ports for PAP2T by default, 5061 and 5062 are SIP ports. RTP ports are from 16384 to 16482. IP addresses will be all over the map. For sure, you will be talking to the SIP server that you are connected to. If your audio stream is proxied, then the audio stream will be from the SIP server. If it is not proxied, then any media gateway around the country could send audio streams to RTP ports (16384 16482). And then there are syslog messages that go over port 514.

But you have to have complete understanding of how your NAT'ing works on your cisco router. Because, if the same ports (SIP and RTP) are used by multiple VOIP devices in your network, then you might end up with problems. Also, if the router thinks that a port is being used then it will map it to a different global port. I have Cisco router and used to have firewall turned on. But it became hard to handle over time, to maintain the ACLs.

[eagle 1]

But you have to have complete understanding of how your NAT'ing works on your cisco router. Because, if the same ports (SIP and RTP) are used by multiple VOIP devices in your network, then you might end up with problems. Also, if the router thinks that ports is being used then it will map it to a different global port. I have Cisco router and used to have firewall turned on. But it became hard to handle over time, to maintain the ACLs.

I do have a complete understanding of how the NAT'ing, PAT'ing and routing works, what normal ports are used for VOIP. I do not have any problems with my connections today. I understand people like to debate firewall, router, port forwarding,etc. But that is not the point of my thread.

But as I stated, I don't have questions on how it works or whatever. My voip communications work great. I just wanted a list of IP's used by VOIPO and the ports used by VOIPO from someone at VOIPO.


thanks for all the comments and suggestions.

[sr98user]

Nothing personal. Just wanted to make sure you are aware of all the issues.

Keep an eye on the "logging". That will tell you which packets get rejected and you can update your ACL as needed.

[Xponder1]

As a test a few days ago I disabled port forwarding to my PAP2 and have not had any issues. Setup is PAP2 ->Linksys WRT54GS (DD-WRT)->At&t 2-wire -> World

No problems with in or outgoing calls. Call quality is fine. Unless your running a freaking Cisco router you probably do not need to forward anything. More complex routers like a Cisco that control everything in/out of the router would be a different story.

[voipinit]

Configure a NAT firewall and use A STUN server, if you are provisioned you already are using one and you shouldn't need to forward ports (albeit sometimes a good idea to anyway depending on your setup).

[scott2020]

I noticed something interesting on my setup. I run Tomato, and have always had ports 5060-5080 forwarded along with some RTP ports but not all of the 35000-65000 range. Last night I decided to stop the port forwarding to see what happened.

My audio used to be redirected to a closer media gateway from Level3 for inbound calls. Now audio is proxied through zeus.voipwelcome.com and I don't see any of the Level3 addresses connecting. I also don't see any other VOIPo machines like central01, east01, and so on. Outbound calls are now also being sent via zeus. When I forwarded ports, my outbound calls were handed off to another media gateway.

I guess long story short, port forwarding changed my audio paths drastically. Non-port forwarding sends all of my audio through the zeus server at the 74.52 address at ThePlanet.

Scott