AVM Fritz boxes

Discussion in 'UK VOIP' started by Gordon Henderson, Oct 12, 2008.

  1. Anyone know how to turn off the built-in SIP port-forarding and let
    them port-forward to an internal host? When I enter 5060 into their
    port-forwarding table, it gives me the lovely message:

    ERROR: Entry conflicts with an internal rule

    I get the feeling that these boxes, nice though they might be just want
    to take-over all VoIP on that line.

    At least with a Draytek, I can turn this off.

    (If you want the background it's simply that a client has one and also
    an asterisk PBX and they want the asterisk PBX to register to external
    SIP providers and handle external SIP phones and the AVM, Like Draytek's
    in getting in the way)

    It's a

    FRITZ!Box Fon WLAN 7050 Annex A, Firmware Version 14.03.91

    if this means anything to anyone. I'd drop-kick it into the nearest skip
    and replace it with anything if the client weren't using the USB port on
    it to feed their network (long story - best not go there)

    Gordon
    Gordon Henderson, Oct 12, 2008
    #1
    1. Advertising

  2. Gordon Henderson <> wrote in <gcsioi$1svl$>:
    > Anyone know how to turn off the built-in SIP port-forarding and let
    > them port-forward to an internal host? When I enter 5060 into their
    > port-forwarding table, it gives me the lovely message:


    > ERROR: Entry conflicts with an internal rule


    > I get the feeling that these boxes, nice though they might be just want
    > to take-over all VoIP on that line.


    I get that feeling too.

    > (If you want the background it's simply that a client has one and also
    > an asterisk PBX and they want the asterisk PBX to register to external
    > SIP providers and handle external SIP phones and the AVM, Like Draytek's
    > in getting in the way)


    The only solution I can think of if you want to keep the fritz!box is to
    change the default SIP port in sip.conf in asterisk. Then you can set a
    forward.

    This does mean you have to have full control over any traffic from/to the
    asterisk, either because the registration originates in the asterisk
    (external SIP provider) or because you control the external phone.

    Koos

    --
    The Virtual Bookcase, the site about books, book | Koos van den Hout
    news and reviews http://www.virtualbookcase.com/ | http://idefix.net/~koos/
    PGP keyid DSS/1024 0xF0D7C263 or RSA/1024 0xCA845CB5|
    Koos van den Hout, Oct 12, 2008
    #2
    1. Advertising

  3. In article <gcsoka$sro$4all.nl>,
    Koos van den Hout <4all.nl> wrote:
    >Gordon Henderson <> wrote in
    ><gcsioi$1svl$>:
    >> Anyone know how to turn off the built-in SIP port-forarding and let
    >> them port-forward to an internal host? When I enter 5060 into their
    >> port-forwarding table, it gives me the lovely message:

    >
    >> ERROR: Entry conflicts with an internal rule

    >
    >> I get the feeling that these boxes, nice though they might be just want
    >> to take-over all VoIP on that line.

    >
    >I get that feeling too.
    >
    >> (If you want the background it's simply that a client has one and also
    >> an asterisk PBX and they want the asterisk PBX to register to external
    >> SIP providers and handle external SIP phones and the AVM, Like Draytek's
    >> in getting in the way)

    >
    >The only solution I can think of if you want to keep the fritz!box is to
    >change the default SIP port in sip.conf in asterisk. Then you can set a
    >forward.


    I could...

    >This does mean you have to have full control over any traffic from/to the
    >asterisk, either because the registration originates in the asterisk
    >(external SIP provider) or because you control the external phone.


    Well, there are SIP phones on the inside, as well as potentially SIP
    phones on the outside - the ones on the inside are within my control,
    but the external ones aren't, so changing the SIP port on the asterisk
    box isn't really an option, as telling the punters to use a different
    port will be potentially hard and confusing )-:

    I wanted to use the analogue ports on this box too.

    Thankfully we're using IAX to trunk calls in & out. Need to think of a
    plan-B for remote SIP phones though.

    I wonder if the Fritz box will stop the asterisk box registering to a
    remote SIP service ..Hm.

    Double Hmm.. I've just done a backup of the config and noticed all the
    built-in forwarding in the text file.. There's some intersting stuff in
    there.

    Eg:

    reject tcp any host 202.106.185.127 eq 25

    That stops incoming email from a certian chinese location.

    But there's also forwarding/firewall rules for port 5060. I wonder if I
    can change it and upload it back to the router... Hm. it would be good
    if I can, as I can then add the IAX port into the traffic shaper...

    Watch this space :)

    Gordon
    Gordon Henderson, Oct 12, 2008
    #3
  4. Gordon Henderson <> wrote in <gctg2g$fkr$>:

    > >The only solution I can think of if you want to keep the fritz!box is to
    > >change the default SIP port in sip.conf in asterisk. Then you can set a
    > >forward.

    > I could...


    I had a look at a grandstream phone that did not work behind a fritzbox as
    adsl-router. The grandstream phone already had the local sip port changed.
    So that change in itself isn't the complete solution.

    > Double Hmm.. I've just done a backup of the config and noticed all the
    > built-in forwarding in the text file.. There's some intersting stuff in
    > there.


    > But there's also forwarding/firewall rules for port 5060. I wonder if I
    > can change it and upload it back to the router... Hm. it would be good
    > if I can, as I can then add the IAX port into the traffic shaper...


    > Watch this space :)


    I will. The problem isn't affecting me but I know at least one person who
    would like 'sip phone behind fritzbox' to work normally.

    Koos van den Hout

    --
    Koos van den Hout Homepage: http://idefix.net/~koos/
    PGP keyid DSS/1024 0xF0D7C263 or RSA/1024 0xCA845CB5
    Webprojects: Camp Wireless http://www.camp-wireless.org/
    The Virtual Bookcase http://www.virtualbookcase.com/
    Koos van den Hout, Oct 14, 2008
    #4
  5. Gordon Henderson

    Ivor Jones Guest

    In news:gd2ole$sro$4all.nl,
    Koos van den Hout <4all.nl> typed, for some
    strange, unexplained reason:
    : Gordon Henderson <> wrote in
    : <gctg2g$fkr$>:

    [snip]

    : > Watch this space :)
    :
    : I will. The problem isn't affecting me but I know at least one person
    : who
    : would like 'sip phone behind fritzbox' to work normally.

    Don't know about a specific SIP phone, but I have two ATA's (a SPA-2000
    and SPA-1001) working fine behind my Fritz!Box 7170.

    Ivor
    Ivor Jones, Oct 14, 2008
    #5
  6. In article <gd2ole$sro$4all.nl>,
    Koos van den Hout <4all.nl> wrote:
    >Gordon Henderson <> wrote in
    ><gctg2g$fkr$>:
    >
    >> >The only solution I can think of if you want to keep the fritz!box is to
    >> >change the default SIP port in sip.conf in asterisk. Then you can set a
    >> >forward.

    >> I could...

    >
    >I had a look at a grandstream phone that did not work behind a fritzbox as
    >adsl-router. The grandstream phone already had the local sip port changed.
    >So that change in itself isn't the complete solution.


    I've a dozen grandstream phones behind this one - however they're
    fronted by an asterisk box using IAX to trunk in/out and that works fine
    - but what I want to do is remote the sipgate account from the FritzBox,
    and transfer it to the asterisk box (before eventually porting it into
    my VoIP platform - then it'll be IAX and not a problem)

    >> Double Hmm.. I've just done a backup of the config and noticed all the
    >> built-in forwarding in the text file.. There's some intersting stuff in
    >> there.

    >
    >> But there's also forwarding/firewall rules for port 5060. I wonder if I
    >> can change it and upload it back to the router... Hm. it would be good
    >> if I can, as I can then add the IAX port into the traffic shaper...

    >
    >> Watch this space :)

    >
    >I will. The problem isn't affecting me but I know at least one person who
    >would like 'sip phone behind fritzbox' to work normally.


    I need to do this at a point in time when, if I screw it up, I can go to
    the client site and hopefully reset it..

    Anyone know how to get the ADSL username & password out of one?

    Maybe this weekend...

    Gordon
    Gordon Henderson, Oct 14, 2008
    #6
  7. Gordon Henderson

    alexd Guest

    On Tue, 14 Oct 2008 19:29:32 +0000, Gordon Henderson wrote:

    > Anyone know how to get the ADSL username & password out of one?


    If the password is starred out in the web frontend, install the Firefox
    Web Developer toolbar, click Forms > Show Passwords, et voila.

    --
    <http://ale.cx/> (AIM:troffasky) ()
    21:46:50 up 10 days, 10:43, 1 user, load average: 0.16, 0.08, 0.05
    They call me titless because I have no tits
    alexd, Oct 14, 2008
    #7
  8. In article <48f50573$0$504$>,
    alexd <> wrote:
    >On Tue, 14 Oct 2008 19:29:32 +0000, Gordon Henderson wrote:
    >
    >> Anyone know how to get the ADSL username & password out of one?

    >
    >If the password is starred out in the web frontend, install the Firefox
    >Web Developer toolbar, click Forms > Show Passwords, et voila.


    Doesn't work, alas.

    It seems to use some funky javascript to hide them.

    In the backup configuration file, they're stupidly long strings - a bit
    like a few md5 checksums concatenated, so I'm guessing they're encrypted
    somehow.

    Gordon
    Gordon Henderson, Oct 14, 2008
    #8
  9. Gordon Henderson

    theFug Guest

    On 14 okt, 22:05, Gordon Henderson <> wrote:
    > In article <48f50573$0$504$>,
    >
    > alexd  <> wrote:
    > >On Tue, 14 Oct 2008 19:29:32 +0000, Gordon Henderson wrote:

    >
    > >> Anyone know how to get the ADSL username & password out of one?

    >
    > >If the password is starred out in the web frontend, install the Firefox
    > >Web Developer toolbar, click Forms > Show Passwords, et voila.

    >
    > Doesn't work, alas.
    >
    > It seems to use some funky javascript to hide them.
    >
    > In the backup configuration file, they're stupidly long strings - a bit
    > like a few md5 checksums concatenated, so I'm guessing they're encrypted
    > somehow.
    >
    > Gordon


    A Fritz!box isn't made for using an ata/voip/ip device together i
    guess, and it manages it's own voip/sip traffic,(only for one IP/MAC
    address)
    (lucky you) the only good way to use an other ATA/IP device with it,
    is to set the Fritz! in bridge mode,(if possible) but i guess, the ATA
    function of the Fritz!,
    is by doing so, switced off !
    theFug, Nov 5, 2008
    #9
  10. Gordon Henderson

    Ivor Jones Guest

    In news:,
    theFug <> typed, for some strange, unexplained reason:

    [snip]

    : A Fritz!box isn't made for using an ata/voip/ip device together i
    : guess, and it manages it's own voip/sip traffic,(only for one IP/MAC
    : address)
    : (lucky you) the only good way to use an other ATA/IP device with it,
    : is to set the Fritz! in bridge mode,(if possible) but i guess, the ATA
    : function of the Fritz!,
    : is by doing so, switced off !

    I've had a couple of Sipura SPA devices (2000 and 1001) working fine
    behind two different Fritz!Boxes for years with no problems.

    Ivor
    Ivor Jones, Nov 5, 2008
    #10
  11. Gordon Henderson

    Brian A Guest

    Ivor Jones wrote:
    > In news:,
    > theFug <> typed, for some strange, unexplained reason:
    >
    > [snip]
    >
    > : A Fritz!box isn't made for using an ata/voip/ip device together i
    > : guess, and it manages it's own voip/sip traffic,(only for one IP/MAC
    > : address)
    > : (lucky you) the only good way to use an other ATA/IP device with it,
    > : is to set the Fritz! in bridge mode,(if possible) but i guess, the ATA
    > : function of the Fritz!,
    > : is by doing so, switced off !
    >
    > I've had a couple of Sipura SPA devices (2000 and 1001) working fine
    > behind two different Fritz!Boxes for years with no problems.
    >
    > Ivor
    >

    I find the same as Ivor (see an earlier post I made today). My Fritzbox
    has an SPA-3000 connected to it. When I am on a phone call the web
    browsing slows down. I have cable 2Mb/s broadband. The QoS works very
    well indeed. I have never had any poor call quality due to a concurrent
    download.
    Brian A, Feb 28, 2009
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ivor Jones

    New firmware for AVM Fritz!Box Fon

    Ivor Jones, Jan 27, 2006, in forum: UK VOIP
    Replies:
    9
    Views:
    2,661
    Ivor Jones
    Mar 4, 2006
  2. Stu

    AVM: Fritz!Box Fon 7140

    Stu, Nov 4, 2006, in forum: UK VOIP
    Replies:
    7
    Views:
    699
    Ivor Jones
    Nov 7, 2006
  3. ugurunnu
    Replies:
    0
    Views:
    1,710
    ugurunnu
    Nov 6, 2007
  4. Ivor Jones
    Replies:
    4
    Views:
    501
    Ivor Jones
    Aug 18, 2008
  5. Gordon Henderson
    Replies:
    1
    Views:
    576
    Brian A
    Aug 17, 2008
Loading...

Share This Page