Newbie Question - about using a DECT SIP phone and port forwarding ?

Discussion in 'UK VOIP' started by Roger Baker, Jan 28, 2007.

  1. Roger Baker

    Roger Baker Guest

    Could any kind soul please explain something to a total newbie.

    I am considering getting the Samsung C460IP DECT VOIP phone. I already
    have an account with I believe that the C460IP can be used
    with the DHCP server in my ADSL Modem/Router to have an IP address on
    my local network dynamically allocated. So far so good.

    Having studied this group for some months I see posts about forwarding
    some of the usual SIP ports to ATA's like the PAP2. Ports such as 5060
    and 5061 seem common. If the Samsung phone obtains a dynamically
    allocated IP address, is there still a need for port forwarding from
    the router?

    I can understand that if I give the Samsung phone a static address
    then I can set the port forwarding in my router, but how does this
    work with a local dynamic IP?

    Thanks for any info.

    Roger Baker, Jan 28, 2007
    1. Advertisements

  2. Roger Baker

    Brian A Guest

    These are two different things. On the IP side there is NAT. This is
    where the local IP, no matter how it is generated, fixed or DHCP, is
    translated to one which will connect you to the internet.
    Ports are different. Yes, some may need to be forwarded but these are
    not IP addresses. Whatever the method of IP allocation the port
    numbers remain the same. If your phone is connecting into your router
    then the port forwarding will apply just the same whether the IP is
    dynamically assigned or fixed.
    Remove 'no_spam_' from email address.
    Brian A, Jan 28, 2007
    1. Advertisements

  3. Roger Baker

    Brian Guest

    Samsung? Should that not be Siemens?
    The C460IP has support for STUN. Use a STUN server. If the only calls to
    be received are on a line registered to then that makes port
    forwarding unnecessary.

    Brian, Jan 28, 2007
  4. port forwarding is in general not required as the STUN protocol works
    around the NAT.

    The phone (Siemens ?) registers to the SIP provider and makes a
    connection through the NAT firewall, incoming calls are signalled
    through that connection.

    Phil Thompson, Jan 28, 2007
  5. Roger Baker

    Roger Baker Guest

    Thanks for the info Brian. The thing that has me confused is that on
    my D-Link 504 modem-router it allows me to set up port forwarding.
    Basically, it allows me to set any Internet port to forward to a local
    IP on my LAN. So, for example, I could set the router to forward any
    incoming data on port 5060 to, which is my existing PAP2.
    I know that a port is not an IP, but I am succeeding in confusing
    myself here.

    Am I barking up the wrong tree here?

    Roger Baker, Jan 28, 2007
  6. you could, but you don't need to. The above would be helpful if
    unsolicited data arrived at your IP destined for the PAP2 but isn't
    necessary if the PAP2 has STUN running and registered as the data will
    arrive in a form expected by the NAT firewall and automagically sent
    to the PAP2.

    An analogy is a web browser, you don't have to port forward web
    traffic to the client PC as it was requested by the browser and comes
    as part of an existing session so gets routed accordingly.

    Phil Thompson, Jan 28, 2007
  7. Roger Baker

    Roger Baker Guest

    Thank you very much Phil for the insight.

    Just one final question. What would be the address and port number of
    a good STUN server to use?

    Many thansk,

    Roger Baker, Jan 29, 2007
  8. Roger Baker

    Brian Guest

    You could ask whether they have one, but meanwhile there is

    Brian, Jan 29, 2007
  9. Roger Baker

    Tim Guest is a decent service provider.

    You don't ever need to do any port forwarding with them. Doing port
    forwarding is actually quite likely to mess it up.

    Providing your nat/router is fairly standard, it will just work.

    Tim, Jan 30, 2007
  10. Roger Baker

    Tim Guest

    Just never ever ever ever use Stun.

    It just doesn't help. We've moved on a bit since 2001 :)

    Using stun with will probably break more things than in helps.

    Tim, Jan 30, 2007
  11. Roger Baker

    Brian Guest

    I'm intrigued by this advice. I cannot say I am perplexed because that
    would require me to have a good understanding of how STUN works. And I

    Is it possible for you to expand on the reasons for avoiding the use of
    STUN? Is it applicable for all situations or only when a VoIP provider
    is involved?

    Brian, Jan 31, 2007
  12. Roger Baker

    Tim Bray Guest

    First, a little background.

    When I wrote my original post, I had spent part of the afternoon with a
    senior employee of a well known voip provider. Who said `One of our
    biggest problems is customers who put a stun server setting in or who
    insist it won't work without Stun`

    [sorry for the vague wording, but I know lots about how most of the
    major voice networks are setup, and I try not expose commercially
    sensitive information]


    Why Stun is a bad idea in a modern voip network.

    How Stun works.

    You have a device behind a NAT router on a private IP address.

    The idea for a phone to work out what is the public IP address on the
    outside of the NAT router. The phone then uses this IP address in the
    via parts of SIP messages and in the SDP packets.

    The problem is, this will only work for certain kinds of NAT devices.
    The ones that don't do very much checking on inbound packets. On most
    routers, stun doesn't help at all. Sometime it can make things appear
    worse by letting your SIP registration work, but then call audio will be
    in one direction.

    But, most SIP service providers deploy Session Border Controllers, or a
    B2BUA that is completely symmetric. These will work for almost any nat
    with no faffing around.

    They usually work by comparing the IP address in the via line with the
    IP address and port the packet was actually received from. Also, the
    server can check whether the presented IP address is a private IP
    address, as defined by RFC 1918.

    The SIP server can make informed choices about what to do, based on
    whether it thinks the client is behind a NAT.

    When a stunned client connects, the SIP server believes the device is on
    a public IP address. The device may actually be behind a symmetric
    nat, where the stun is not going to help the device make successful calls.

    In summary

    1) If you take installations in the wild - an average ADSL router in an
    average house or small business, stun is very unlikely to work because
    the router will still block the incoming RTP.

    2) Stun can stop SIP servers nat traversal systems working.

    If a SIP service provider suggests Stun as a nat traversal option, then
    they are having a laugh.

    Use a decent SIP provider with session border controllers, or just get a
    public IP address for your SIP phone.

    Personally, Stun feels so like a 2002 protocol, and we've moved on a
    long way since then.

    There is a thing called ICE, which does help for NAT traversal, but it
    isn't widely implemented.

    I hope this explains in a useful way. Brain is a bit tired now.

    Tim Bray, Feb 7, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.