man O man.... still getting blocked,

tried calling my VoIP phone from my cell phone and the traffic was blocked again by the default drop all rule. below is the log entry of the blocked traffic.


WAN     216.181.136.7:5065      xx.xx.xx.xx:63792



this after allowing source 216.181.136.7 through my WAN interface destined for any port and also creating a 1:1 entry as follows:

Interface   External IP         Internal IP    Description
WAN         216.181.136.7/32    10.0.0.1/32    Allow Incoming VoIP



WTF, shouldn't that be allowed through?

thanks gents.

-phil

On Sep 5, 2008, at 8:12 AM, Paul Mansfield wrote:

BSD Wiz wrote:

ah, i don't have any 1:1 nat entries, or static routes for this firewall
issue. so when the traffic hits the WAN interface perhaps it's not
always finding its way to the voip box in the dmz?

i have added a 1:1 mapping as follows:

Interface   External IP         Internal IP    Description
WAN         216.181.136.7/32    10.0.0.1/32    VoIP Box



where 10.0.0.1/32 is the ip of the DMZ interface.

should that be sufficient?

i can see why some of the traffic was not making it through since i only had a rule to allow traffic from 216.181.136.7 but no port forwarding,
static routes or 1:1 nat entries.

seems reasonable to me, you should know if it's working by testing. use
tcpdump on firewall, on each interface in turn to see traffic flow...
use "tcpdump -ln port XXX" to limit the amount of traffic you sniff.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
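
The per-interface tcpdump check suggested in the reply above, worked through as an added example (not part of the original thread): the script compares `tcpdump -ln` output captured on each interface and reports where packets from the peer stop and which destination address they carry on each side. The interface labels `wan` and `dmz`, the addresses 203.0.113.10 and 10.0.0.2, and the capture lines themselves are constructed placeholders.

```python
import re

# tcpdump -ln line shape: "<time> IP <src>.<sport> > <dst>.<dport>: <rest>"
LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):"
)

def parse(line):
    """Return (src, sport, dst, dport) for an IPv4 tcpdump line, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport = m.groups()
    return src, int(sport), dst, int(dport)

def trace(captures, peer, path):
    """Follow packets from `peer` across `path`; captures maps interface -> tcpdump lines."""
    seen = {}
    for iface in path:
        pkts = [p for p in map(parse, captures.get(iface, [])) if p and p[0] == peer]
        # Destination as seen on this interface; a change between interfaces means NAT rewrote it.
        seen[iface] = sorted({f"{p[2]}:{p[3]}" for p in pkts})
    last = None
    for iface in path:
        if not seen[iface]:
            break
        last = iface
    if last is None:
        verdict = f"never arrived on {path[0]}"
    elif last == path[-1]:
        verdict = f"forwarded through to {last}"
    else:
        verdict = f"seen on {last}, missing on {path[path.index(last) + 1]}"
    return seen, verdict

# Constructed sample captures (every address except the peer is a placeholder).
PEER = "216.181.136.7"
BLOCKED = {
    "wan": ["08:12:01.100001 IP 216.181.136.7.5065 > 203.0.113.10.63792: UDP, length 512"],
    "dmz": ["08:12:01.200002 IP 10.0.0.2.5060 > 216.181.136.7.5065: UDP, length 480"],
}
FORWARDED = {
    "wan": BLOCKED["wan"],
    "dmz": ["08:12:01.100950 IP 216.181.136.7.5065 > 10.0.0.2.63792: UDP, length 512"],
}

if __name__ == "__main__":
    for name, caps in (("blocked", BLOCKED), ("forwarded", FORWARDED)):
        print(name, trace(caps, PEER, ["wan", "dmz"]))
```

A packet that shows up on the WAN capture but never on the DMZ capture was dropped or left untranslated on the firewall itself, which is the case the default drop rule log entry describes.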


