Problem (I think) with C475IP and firewall

Discussion in 'UK VOIP' started by tinnews@isbd.co.uk, Feb 23, 2009.

  1. Guest

    I *seem* to have a problem with my Siemens C475IP and my Draytek Vigor
    2820n firewall. I suspect I may be suffering from the effects of
    changing things and forgetting how they might affect the VOIP.

    I have recently changed to using dnsmasq in my Linux box for DNS and
    DHCP, this has various advantages for me, the C475IP seems to work OK
    with it and tells dnsmasq that its name id C475IP which is OK by me.
    (I think the C475IP obtained its IP dynamically before though, from
    the 2820n which used to have its DHCP server turned on)

    I can successfully get to the web configuration of the C475IP so it is
    connected to the LAN OK.

    Until a while ago both SipDiscount and Sipgate were set up and
    functioning OK on the C475IP, now neither of them works, they sit
    obstinately with the status at "Server not accessible". According to
    the C475IP manual this means that the C475IP can't access the outside
    world at all. This suggests to me that I have screwed up the firewall
    settings somehow but I can't see anything wrong at the moment. However
    I *may* have changed something without realising that it was to do
    with VOIP as we don't use the VOIP frequently enough to notice a
    problem immediately.

    What does VOIP require in terms of 'holes' through the firewall? I'm
    currently set up so that *anything* outgoing (LAN -> WAN) is allowed
    except for BIOS ports. So the C475IP should be able to send packets.
    Do I need to explicitly allow incoming data (as opposed to replies) on
    the VOIP ports as well? Would this prevent the C475IP registering?

    --
    Chris Green
     
    , Feb 23, 2009
    #1
    1. Advertising

  2. Guest

    Jono <> wrote:
    > laid this down on his screen :
    > > I *seem* to have a problem with my Siemens C475IP and my Draytek Vigor
    > > 2820n firewall. I suspect I may be suffering from the effects of
    > > changing things and forgetting how they might affect the VOIP.
    > >
    > > I have recently changed to using dnsmasq in my Linux box for DNS and
    > > DHCP, this has various advantages for me, the C475IP seems to work OK
    > > with it and tells dnsmasq that its name id C475IP which is OK by me.
    > > (I think the C475IP obtained its IP dynamically before though, from
    > > the 2820n which used to have its DHCP server turned on)
    > >
    > > I can successfully get to the web configuration of the C475IP so it is
    > > connected to the LAN OK.
    > >
    > > Until a while ago both SipDiscount and Sipgate were set up and
    > > functioning OK on the C475IP, now neither of them works, they sit
    > > obstinately with the status at "Server not accessible". According to
    > > the C475IP manual this means that the C475IP can't access the outside
    > > world at all. This suggests to me that I have screwed up the firewall
    > > settings somehow but I can't see anything wrong at the moment. However
    > > I *may* have changed something without realising that it was to do
    > > with VOIP as we don't use the VOIP frequently enough to notice a
    > > problem immediately.
    > >
    > > What does VOIP require in terms of 'holes' through the firewall? I'm
    > > currently set up so that *anything* outgoing (LAN -> WAN) is allowed
    > > except for BIOS ports. So the C475IP should be able to send packets.
    > > Do I need to explicitly allow incoming data (as opposed to replies) on
    > > the VOIP ports as well? Would this prevent the C475IP registering?

    >
    > You shouldn't need to open any inbound ports; certainly not for
    > Sipgate.
    >
    > Double check your settings on the page
    > http://IPofSiemens/settings_lan.html.


    That just sets dynamic or static IP for the C475IP doesn't it? It has
    always been set for dynamic, i.e. "IP address type" is "Obtained
    automatically". No proxies or anything else like that.

    Try opendns server addresses
    > 208.67.222.222 & 208.67.220.220
    >

    DNS is fine:-

    chris@lounge:~$ host sip.sipdiscount.com
    sip.sipdiscount.com has address 194.221.62.198
    sip.sipdiscount.com has address 194.120.0.198
    chris@lounge:~$ host sipgate.co.uk
    sipgate.co.uk has address 217.10.79.23
    sipgate.co.uk mail is handled by 10 ASPMX2.GOOGLEMAIL.COM.
    sipgate.co.uk mail is handled by 10 ASPMX3.GOOGLEMAIL.COM.
    sipgate.co.uk mail is handled by 10 ASPMX4.GOOGLEMAIL.COM.
    sipgate.co.uk mail is handled by 10 ASPMX5.GOOGLEMAIL.COM.
    sipgate.co.uk mail is handled by 1 ASPMX.L.GOOGLE.COM.
    sipgate.co.uk mail is handled by 5 ALT1.ASPMX.L.GOOGLE.COM.
    sipgate.co.uk mail is handled by 5 ALT2.ASPMX.L.GOOGLE.COM.


    I've rechecked all my settings on the C475IP and can't see anything
    amiss. I auto-configured the Sipgate one from Siemens and it agrees
    with what I had anyway. Still "Server not accessible". :-(

    Even the Gigaset.net connection says "Server not accessible".

    I'm wondering if someone (i.e. my ISP) has blocked port 5060. I'll ask.

    --
    Chris Green
     
    , Feb 23, 2009
    #2
    1. Advertising

  3. In article <49a280fd$0$514$>,
    <> wrote:
    >I *seem* to have a problem with my Siemens C475IP and my Draytek Vigor
    >2820n firewall. I suspect I may be suffering from the effects of
    >changing things and forgetting how they might affect the VOIP.


    So what did you change :)

    >I have recently changed to using dnsmasq in my Linux box for DNS and
    >DHCP, this has various advantages for me, the C475IP seems to work OK
    >with it and tells dnsmasq that its name id C475IP which is OK by me.
    >(I think the C475IP obtained its IP dynamically before though, from
    >the 2820n which used to have its DHCP server turned on)


    Is the Linux box doing any routing/firewalling, etc. ? or is it just a
    passive host on your LAN, doing DHCP and DNS for you?

    (And I presume you turned DHCP off on the router!)

    You shouldn't need any port-forwards in your router, however, Drayteks
    do have a "SIP ALG" which sometimes gets in the way - or it'll work OK
    with one device, but fail with more than one...

    Telnet to the router (usually 192.168.1.1), login with the routers
    username (admin) and password ... and type the following command:

    sys sip alg 0

    and see if this helps.

    Gordon
     
    Gordon Henderson, Feb 23, 2009
    #3
  4. Guest

    Gordon Henderson <> wrote:
    > In article <49a280fd$0$514$>,
    > <> wrote:
    > >I *seem* to have a problem with my Siemens C475IP and my Draytek Vigor
    > >2820n firewall. I suspect I may be suffering from the effects of
    > >changing things and forgetting how they might affect the VOIP.

    >
    > So what did you change :)
    >
    > >I have recently changed to using dnsmasq in my Linux box for DNS and
    > >DHCP, this has various advantages for me, the C475IP seems to work OK
    > >with it and tells dnsmasq that its name id C475IP which is OK by me.
    > >(I think the C475IP obtained its IP dynamically before though, from
    > >the 2820n which used to have its DHCP server turned on)

    >
    > Is the Linux box doing any routing/firewalling, etc. ? or is it just a
    > passive host on your LAN, doing DHCP and DNS for you?
    >

    No, the router (192.168.1.1) is the default route.

    > (And I presume you turned DHCP off on the router!)
    >

    Yes! :)


    > You shouldn't need any port-forwards in your router, however, Drayteks
    > do have a "SIP ALG" which sometimes gets in the way - or it'll work OK
    > with one device, but fail with more than one...
    >
    > Telnet to the router (usually 192.168.1.1), login with the routers
    > username (admin) and password ... and type the following command:
    >
    > sys sip alg 0
    >
    > and see if this helps.
    >

    chris$ telnet 192.168.1.1
    Trying 192.168.1.1...
    Connected to 192.168.1.1.
    Escape character is '^]'.


    Password: ********

    Type ? for command help

    > sys sip alg 0

    % Too many inputs !!!

    >


    Aha! You meant "sys sip_alg 0", I've done that, I'll go and check the C475IP.

    It doesn't seem to have made any difference.

    I'm going to power cycle the C475IP, see if that does anything for me.


    --
    Chris Green
     
    , Feb 23, 2009
    #4
  5. Guest

    wrote:
    > >
    > > Telnet to the router (usually 192.168.1.1), login with the routers
    > > username (admin) and password ... and type the following command:
    > >
    > > sys sip alg 0
    > >
    > > and see if this helps.
    > >

    > chris$ telnet 192.168.1.1
    > Trying 192.168.1.1...
    > Connected to 192.168.1.1.
    > Escape character is '^]'.
    >
    >
    > Password: ********
    >
    > Type ? for command help
    >
    > > sys sip alg 0

    > % Too many inputs !!!
    >
    > >

    >
    > Aha! You meant "sys sip_alg 0", I've done that, I'll go and check the C475IP.
    >
    > It doesn't seem to have made any difference.
    >
    > I'm going to power cycle the C475IP, see if that does anything for me.
    >

    Aaaahhhhh!!!! That's fixed it, typical. The reason I hadn't tried it
    before is because I'm a lazy git, the C475IP is high up in the house
    and rather inaccessible. It's a pity there's no reset from the web
    configuration.

    Anyway, all registered happily now. Sorry for the interruption folks.

    --
    Chris Green
     
    , Feb 23, 2009
    #5
  6. In article <49a2a1a2$0$505$>,
    <> wrote:

    >Aaaahhhhh!!!! That's fixed it, typical. The reason I hadn't tried it
    >before is because I'm a lazy git, the C475IP is high up in the house
    >and rather inaccessible. It's a pity there's no reset from the web
    >configuration.


    Good!

    I've whinged at Siemens before about the lack of reboot on them and they
    realyl do need it. I now supply *ALL* Siemens units with a 24-hour plug-in
    timer to power them off at about 4am and back on about 15 minutes later...

    Gordon
     
    Gordon Henderson, Feb 23, 2009
    #6
  7. Guest

    Gordon Henderson <> wrote:
    > In article <49a2a1a2$0$505$>,
    > <> wrote:
    >
    > >Aaaahhhhh!!!! That's fixed it, typical. The reason I hadn't tried it
    > >before is because I'm a lazy git, the C475IP is high up in the house
    > >and rather inaccessible. It's a pity there's no reset from the web
    > >configuration.

    >
    > Good!
    >
    > I've whinged at Siemens before about the lack of reboot on them and they
    > realyl do need it. I now supply *ALL* Siemens units with a 24-hour plug-in
    > timer to power them off at about 4am and back on about 15 minutes later...
    >

    That's a good idea, we have lots of unused timers floating around, I
    could even turn it off for a bit longer and save at least 1p per week.

    --
    Chris Green
     
    , Feb 23, 2009
    #7
  8. Tim Guest

    Gordon Henderson wrote:
    >
    > I've whinged at Siemens before about the lack of reboot on them and they
    > realyl do need it. I now supply *ALL* Siemens units with a 24-hour plug-in
    > timer to power them off at about 4am and back on about 15 minutes later...
    >


    Mine hasn't been rebooted since November and is still working nicely :)


    Tim
     
    Tim, Feb 24, 2009
    #8
  9. In article <49a343c0$0$512$>,
    Tim <> wrote:
    >Gordon Henderson wrote:
    >>
    >> I've whinged at Siemens before about the lack of reboot on them and they
    >> realyl do need it. I now supply *ALL* Siemens units with a 24-hour plug-in
    >> timer to power them off at about 4am and back on about 15 minutes later...
    >>

    >
    >Mine hasn't been rebooted since November and is still working nicely :)


    Once bitten... I suspect it's all to do with call volume too. I rarely
    reboot my own one, but my first real deployment was to a place who were
    making/taking a call every 5 minutes... A few days ofthat and they's
    lose registration & need rebooting.


    Gordon
     
    Gordon Henderson, Feb 24, 2009
    #9
  10. Guest

    Gordon Henderson <> wrote:
    > In article <49a343c0$0$512$>,
    > Tim <> wrote:
    > >Gordon Henderson wrote:
    > >>
    > >> I've whinged at Siemens before about the lack of reboot on them and they
    > >> realyl do need it. I now supply *ALL* Siemens units with a 24-hour plug-in
    > >> timer to power them off at about 4am and back on about 15 minutes later...
    > >>

    > >
    > >Mine hasn't been rebooted since November and is still working nicely :)

    >
    > Once bitten... I suspect it's all to do with call volume too. I rarely
    > reboot my own one, but my first real deployment was to a place who were
    > making/taking a call every 5 minutes... A few days ofthat and they's
    > lose registration & need rebooting.
    >

    It does *seem* to be traffic related. Ours had stayed connected for
    months until recently and then we had a flurry of calls to the USA
    which we did via VOIP. It's just since those calls that I found it
    failing to connect which is what started this thread.

    --
    Chris Green
     
    , Feb 24, 2009
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tim Bray

    Siemens C475IP

    Tim Bray, Mar 28, 2008, in forum: UK VOIP
    Replies:
    25
    Views:
    2,281
    Ian Pawson
    Apr 30, 2008
  2. Replies:
    2
    Views:
    480
  3. Replies:
    3
    Views:
    650
    TheFug
    Apr 11, 2008
  4. PAJ
    Replies:
    13
    Views:
    1,166
  5. Ian Pawson

    Gigaset C475IP firmware

    Ian Pawson, Jan 18, 2009, in forum: UK VOIP
    Replies:
    2
    Views:
    851
    Ian Pawson
    Jan 19, 2009
Loading...

Share This Page