I think you're dancing all around the solution :) You need an inbound NAT or port forward for UDP ports 1-65535 pointing to 10.0.0.1.
Alternately, a 1:1 NAT using YOUR external IP, not the IP of the service (ie. 216.181.136.7 in your example below should be whatever your external IP is, not that of Lingo). The internal is still 10.0.0.1 (assuming that's your internal machine doing Lingo VOIP). --Bill On Fri, Sep 5, 2008 at 9:17 PM, BSD Wiz <[EMAIL PROTECTED]> wrote: > man O man.... still getting blocked, > > tried calling my VoIP phone from my cell phone and the traffic was blocked > again by the default drop all rule. below is the log entry of the blocked > traffic. > > > WAN 216.181.136.7:5065 xx.xx.xx.xx:63792 > > > > this after allowing source 216.181.136.7 through my WAN interface destined > for any port and also creating a 1:1 entry as follows: > > Interface External IP Internal IP Description > > > WAN 216.181.136.7/32 10.0.0.1/32 Allow Incoming VoIP > > > > WTF, shouldn't that be allowed through? > > thanks gents. > > -phil > > On Sep 5, 2008, at 8:12 AM, Paul Mansfield wrote: > >> BSD Wiz wrote: >>> >>> ah, i don't have any 1:1 nat entries, or static routes for this firewall >>> issue. so when the traffic hits the WAN interface perhaps it's not >>> always finding it's way to the voip box in the dmz? >>> >>> i have added a 1:1 mapping as follows: >>> >>> Interface External IP Internal IP >>> Description >>> >>> WAN 216.181.136.7/32 10.0.0.1/32 VoIP Box >>> >>> >>> >>> where 10.0.0.1/32 is the ip of the DMZ interface. >>> >>> should that be sufficient? >>> >>> i can see why some of the traffic was not making it through since i only >>> had a rule to allow traffic from 216.181.136.7 but no port forwarding, >>> static routes or 1:1 nat entries. >> >> seems reasonable to me, you should know if it's working by testing. use >> tcpdump on firewall, on each interface in turn to see traffic flow... >> use "tcpdump -ln port XXX" to limit the amount of traffic you sniff. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
