Skip to main content

Using VoIP with SmoothWall

I’ve been playing with SmoothWall Express (Polar) recently and am generally pretty impressed.  However, my Linksys SPA921 IP Phone hadn’t been working.  I decided to turn my attention to it today.

The phone wouldn’t give a dial tone at all unless I used the “SIP Proxy” option in SmoothWall, however, that wouldn’t allow any outgoing calls.  I tried creating various exceptions in the firewall, even setting the phone to be an “always allowed machine”, all to no avail.

Then I hit on the solution… I had a BT ADSL router connecting to the internet performing NAT, the SmoothWall connected to this performing NAT, and the IP Phone connecting to the SmoothWall as shown in the diagram below:

image

SIP doesn’t appear to play nicely with this double-NAT arrangement.  So I changed the WAN configuration on my BT ADSL router to run in “Bridged” mode and then configured the “Red” (internet) interface on the SmoothWall to run in PPPoE mode.  This required configuring the BT broadband username and password settings in the “PPP” section of “Networking”, then navigating to “Home” and hitting “Connect”.  I couldn’t believe it, it actually worked!  To refine things I disconnected, went back into “PPP” and ticked the “Persistent connection” and “Connect on SmoothWall restart” tick boxes and then re-connected.  This diagram shows the new setup:

image

This didn’t even require any exceptions in the firewall configuration or the use of SIP proxy.

I hope this helps you.

UPDATE: I had to add an outgoing firewall rule to allow a port range from 10000 to 20000.  I had been able to call but hadn’t properly tested actual sound over the link.  So it appears that SIP was getting through but not RTP.  Getting full call functionality required opening the aforementioned port range.

Comments

H. Abrantes said…
icaro.aquino@hotmail.com
9 December 2009 at 14:03
obovsem said…
Make Cheap International Calls Using VOIP. Voip review - Choose The Best One For You. voip providers - Compare
4 January 2010 at 09:10
Kate Dunkin said…
This was a great read! I was just talking with a coworker about voip providers, I'm going to have to show her this. Thank you for sharing this with us it was very interesting and informative!
27 December 2012 at 21:04
Anonymous said…
i think you may have to add input and output from 10k to 20k ports.
27 June 2016 at 08:54
Post a Comment

Popular posts from this blog

Resolve WSUS Server issue that gives "Cannot save configuration because the server is still processing"

This is a pretty infuriating error and can sometimes crop up as a result of running a "wsusutil reset" command. First of all, give the server some time, and then a bit more...  but you've probably already done this. These steps may help to resolve the situation: - Install Microsoft SQL Management Studio (free download) - Run SQL Management Studio and start to connect to the WSUS database - Enter this in the "Server Name" box:  \\.\pipe\MICROSOFT##WID\tsql\query - Expand the "Databases" tree - Right-click on "SUSDB" and choose "New Query" - Paste this query in:     UPDATE tbSingletonData     SET ResetStateMachineNeeded = 0 - You should see a message like "1 row affected", which is good - Quit SQL Management Studio - Open "Services" and restart the "WSUS Service" - Now, open WSUS
Post a Comment
Read more

Convert Ruckus AP from Unleashed to ZoneDirector-managed

Here is the method to convert a Ruckus Unleashed AP to one which can be managed by a Ruckus ZoneDirector controller: - Login to https://support.ruckuswireless.com/ - Click "Downloads" - Choose the correct product, e.g. Ruckus R550 - Choose a "standalone" version along the lines of 118.2.0.0.875.bl7 or something similar - Agree to terms and download the software - Connect to the AP's IP address - It should open the setup wizard, showing "Unleashed Installation" - Click "Local Upgrade" - Choose the firmware image file you just downloaded - It will upload, process, and then be ready for upgrade when you click "Yes" - After this, the ZD should detect the new AP - The new AP will then need to be approved - The new AP will then be upgraded to the correct software by the ZD - The new AP will then reboot and should be ready to use - Don't forget that, for the ZD to even detect, let alone manage the new AP, it must have enough licenses
Post a Comment
Read more

DNS Dynamic Updates & DNS Scavenging

I was encountering an issue at a customer's site where the DNS records of their client PCs often would be behind or out of sync with the records in DHCP.  Usually the IP address would be older in DNS and this was causing issues with scripts executing and network tools correctly resolving client PC hostnames to their correct IP addresses. I realised I needed to make some changes to their dynamic DNS updating configuration.  After a lot of reading through Microsoft's documentation and various online forums, this is what I ended up configuring.  Hopefully this may help someone, some day: - Make the DHCP server a member of the "DnsUpdateProxy" group -  Create a new user account, in the "Users" OU, called "dnsdynamicupdates"   - This new user only needs to be a member of the "Domain Users" group - no special privileges   - Make the password strong and set it to never expire - Set this new user as the credentials used by the DCHP server in IPv4...
Post a Comment
Read more