Netgate Discussion Forum

    How to NAT incoming traffic for certain source and certain port??

    • johnpozJ
      johnpoz LAYER 8 Global Moderator @SteveITS
      last edited by

      exactly.. And dest port would normally be 5060 for sip.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • L
        louis2
        last edited by

        Hello,

        I do not know why, perhaps as a consequence of restarts and/or switching the WAN on and off, whatever ..... but the NAT works .....

        For info, in a SIP-invite the source address is 5600 see below

        SipInviteFrame.JPG

        Below are a couple of rules I am using to forward some traffic. Of course there are some related auto-generated rules in the WAN interface.

        SomeNatRules.JPG

        There are some more rules required, however ........ I still do not have working telephony 😧 😧 I assume that is related to the registration communication between the provider's VoIP platform and the Fritzbox.

        At this moment, despite lots of tests and wireshark traces, I just do not know what the remaining issues are and as a consequence even less how to fix them .....

        I even doubt if I will ever get it working .....
        Not everything ..... is documented the way I would like ....... and the fritzbox is not intended to be used as a VoIP access point, as opposed to its intended use as a router

        Louis

        S 1 Reply Last reply Reply Quote 0
        • S
          SteveITS Galactic Empire @louis2
          last edited by

          @louis2 So the IP .61 is KPN_IMS? And this is for a new call coming in to your server?

          In your second picture those are NAT forwards? What is the column after FritzBoxDect? On a NAT forward that would be "NAT Ports" and I did not think it possible to set that to any/*...?

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          1 Reply Last reply Reply Quote 0
          • Bob.DigB
            Bob.Dig LAYER 8
            last edited by Bob.Dig

            Doesn't the fritzbox show what ports are needed?
            For my SIP Provider (and ISP) I also have to use static port outbound NAT.

            Capture.PNG

            And keep alive (30sec) in the fritzbox for telephony but I don't have to open ports.

            L 1 Reply Last reply Reply Quote 0
            • L
              louis2 @Bob.Dig
              last edited by

              @bob-dig

              Hi Bob, I used to have a rule like that in the past, however I do not understand the need for such a rule. Let me explain my thinking.

              For incoming IPV4-traffic you need a NAT-rule and the related fw-rule to:
              a) allow the traffic and
              b) to map the traffic from your external IP towards the local IP of the involved IPv4 machine

              And if I connect to the internet from the LAN you also need NAT to get a globally valid IPv4 address (the IPv4 address assigned to you). However .... that is standard and handled by the default auto-generated NAT rule.

              So assuming that that is correct, you only need NAT-rules for incoming traffic.

              With that in mind I did create,

              • a NAT-rule to map and allow incoming SIP
              • a NAT-rule to allow incoming RTP and
              • a NAT-rule to allow some additional ports I found (but of which I do not know if they are really used and, if so, how)

              I also noticed that there are ICMP status messages, so I should probably allow and NAT them as well (I still have to add that).

              However I have to admit that it is only partly (not to say not) working at the moment.

              • the incoming sip-invites which should pass, do not always pass and verdict I do get perhaps related crash reports (see 2.7 development section)
              • the SIP registration process is probably not working as it should
              • if the incoming SIP-invite is NATed as expected, then an incoming call / session is started ........ however ....... the outgoing RTP is not audible at the remote site (despite the fact that there is two way audio in the WAN wireshark trace).

              To summarize:

              • I do not understand the outgoing nat rule (including "static")
              • more other aspects to understand and solve :(
              Bob.DigB 1 Reply Last reply Reply Quote 0
              • Bob.DigB
                Bob.Dig LAYER 8 @louis2
                last edited by

                @louis2 My understanding is, you can open ports all you want. If the other side expects static outbound NAT then you have to do that anyways, there is no way around that.

                1 Reply Last reply Reply Quote 0
                • L
                  louis2
                  last edited by louis2

                  Hello,

                  I know that the actual thread title does not reflect the original subject ...... but given the previous posts, here is my actual problem.

                  At this moment I can create an incoming call (from my mobile) towards my fritzbox and I can make a call from my fritzbox towards my mobile.

                  However, in case of the incoming call, there is no audible sound from the home set present. The mobile can not hear the home side (one way audio).

                  In case of the outgoing call it works like it should (two way audio).

                  The strange thing is that wireshark traces of both calls and in both involved vlans (the WAN and the LAN) show that there is two way RTP. I can listen to that using wireshark ....... But as said, in case of the incoming call, the audio from the home set is not audible on the mobile.

                  I did a lot of tests, but I really do not understand the problem. So I really hope someone out there does understand and has the solution.

                  Below, screenshots of my actual settings

                  Louis

                  53a8526d-3531-4901-9251-946820438fd5-image.png

                  88e6c479-829b-4bcc-b71b-bdee5f191546-image.png

                  1 Reply Last reply Reply Quote 0
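Added example (not from any poster in this thread, and not pfSense code): one way to check a WAN-side capture for the two NAT effects discussed above, a rewritten source port (which static port outbound NAT avoids) and a private address left in the SDP. The SIP message, addresses, ports and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample (not from the thread): a 200 OK with SDP as a phone box
# behind NAT might send it. All addresses and ports are made up.
SAMPLE_SIP = (
    "SIP/2.0 200 OK\r\n"
    "Contact: <sip:user@192.168.178.20:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=user 1 1 IN IP4 192.168.178.20\r\n"
    "s=call\r\n"
    "c=IN IP4 192.168.178.20\r\n"
    "t=0 0\r\n"
    "m=audio 7078 RTP/AVP 8 0\r\n"
)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_media(sip_text):
    """Return (contact_port, sdp_addr, sdp_audio_port) from a SIP message."""
    head, _, body = sip_text.partition("\r\n\r\n")
    contact = re.search(r"^Contact:\s*<sips?:(?:[^@>]+@)?[^:;>]+(?::(\d+))?",
                        head, re.M | re.I)
    conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    audio = re.search(r"^m=audio (\d+) ", body, re.M)
    if not (contact and conn and audio):
        raise ValueError("need a Contact header and SDP with c= and m=audio lines")
    # A Contact URI without an explicit port means the SIP default, 5060.
    return int(contact.group(1) or 5060), conn.group(1), int(audio.group(1))

def nat_findings(sip_text, wan_sip_src_port, wan_rtp_src_port):
    """Compare what the device advertises with the source ports seen on WAN.

    Both port arguments are read from the WAN-side capture, i.e. after NAT.
    """
    contact_port, sdp_addr, sdp_port = parse_media(sip_text)
    findings = []
    if any(ipaddress.ip_address(sdp_addr) in net for net in RFC1918):
        # The far end is told to send audio to an address it cannot route to.
        findings.append("sdp-private-address")
    if contact_port != wan_sip_src_port:
        # Outbound NAT picked a new source port (no static port in effect).
        findings.append("sip-source-port-rewritten")
    if sdp_port != wan_rtp_src_port:
        findings.append("rtp-source-port-rewritten")
    return findings

if __name__ == "__main__":
    print(nat_findings(SAMPLE_SIP, 31544, 48211))
```

The two `*-source-port-rewritten` findings are what static port outbound NAT removes; `sdp-private-address` is not changed by any NAT rule and has to be handled by the device or tolerated by the provider.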
                  • L
                    louis2
                    last edited by

                    I should have added, that if I directly connect the fritzbox with the glass access point, everything works as expected.

                    Up to now I did not manage to monitor / log the communication between the fritzbox and the glass access. That is difficult since it is PPPoE with at least two vlans (4 and 6), where the interface spec is ...... not really known.
                    Trying to connect the glass access and the fritzbox failed, and of course then it is also not possible to capture a wireshark trace using the switch's mirror capability.

                    1 Reply Last reply Reply Quote 0
                    • L
                      louis2
                      last edited by

                      With the actual settings, that is the settings shown above minus the top and bottom NAT-forward rules and with the two LAN-rules disabled, there is very low volume audio present.

                      So to a certain extent it works, however the audio is surely not passing correctly yet.

                      1 Reply Last reply Reply Quote 0
                      • L
                        louis2
                        last edited by

                        Note,

                        While working on this issue I encountered three issues:

                        • a crash report
                        • strange NAT interface behavior
                        • an incorrect backup file, probably related to this activity

                        So, I did open some issues in the development forum, and will wait with further trials until there are updates and jimp's reaction

                        1 Reply Last reply Reply Quote 0
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.