Thank you again.
I didn’t expect such a detailed response on Sunday.
I don’t use exactly the same logic but the results should be the same.
Since this connection only carries VoIP and occasionally the notebook I use for configuration (and I have no remote phones), I chose Block as the default rule.
Then, the first two filter rules are:
- To allow all traffic (pass immediately) from the internal IP of the UCM to the public address of the SIP trunk.
- To allow all traffic (pass immediately) from the public address of the SIP trunk to any internal IP address.
I tried both writing this public address literally and using an object (which I finally use).
For the first rule, it works normally according to the firewall logs.
But I don’t understand why the firewall blocks this traffic (for example):
<134>Jun 9 18:02:59 DrayTek: [FILTER][Block][WAN->LAN/RT/VPN, 79:55:19 ][@S:R=13:1, 94.XXX.XXX.XXX:14506->192.168.XXX.XXX:17762][UDP][HLen=20, TLen=200]
<134>Jun 9 18:02:59 DrayTek: [FILTER][Block][WAN->LAN/RT/VPN, 79:55:19 ][@S:R=13:1, 94.XXX.XXX.XXX:14506->192.168.XXX.XXX:17762][UDP][HLen=20, TLen=200]
<134>Jun 9 18:02:59 DrayTek: [FILTER][Block][WAN->LAN/RT/VPN, 79:55:19 ][@S:R=13:1, 94.XXX.XXX.XXX:14506->192.168.XXX.XXX:17762][UDP][HLen=20, TLen=200]
<134>Jun 9 18:02:59 DrayTek: [FILTER][Block][WAN->LAN/RT/VPN, 79:55:19 ][@S:R=13:1, 94.XXX.XXX.XXX:14506->192.168.XXX.XXX:17762][UDP][HLen=20, TLen=200]
<134>Jun 9 18:02:59 DrayTek: [FILTER][Block][WAN->LAN/RT/VPN, 79:55:19 ][@S:R=13:1, 94.XXX.XXX.XXX:14506->192.168.XXX.XXX:17762][UDP][HLen=20, TLen=200]
I assume the IP addresses are not secret, but configuring a firewall seems to push one towards paranoia and I prefer to hide them with XXX; they really are the ones I allow in the second filter rule.
Maybe my problem is in the NAT section.
I read in the manual that “Open ports” keeps the ports open forever, which seems dangerous to me, especially because the SIP trunk provider’s instructions are to open port 5060 and all ports from 10000 to 60000 with the UDP (RTP) protocol, but only from its address.
With the “Open ports” option, are the ports opened for everyone or for one single IP address?
Then I use:
- port redirection for 5060 UDP from the SIP provider address to the internal address of the UCM,
- port triggering for ports 10000 to 60000 (both internal and external) from the SIP provider address, but these settings don’t allow me to restrict the triggering to a specific private address.
Maybe that’s my mistake, but I don’t want to leave ports open too long if they could be open for everyone or if malicious traffic could send packets which seem to come from popular SIP providers.
I already told you I am a bit paranoid!
These blocked packets come from and go to various ports, from the SIP provider address to the UCM address, more often during the day (probably when phone calls are made).
Anyway, the blocked packets don’t seem to cause phone failures, and that is my main concern.
Since you seem to have mastered DrayTek configuration, I have another little question: the fiber modem from the internet provider tries to discover the private network by sending UDP packets to 239.255.255.250:1900.
The default rule blocks them and that’s fine for me, but to make the firewall logs easier to read, I tried to create a filter rule which blocks these packets immediately, and unchecked the syslog box.
It doesn’t seem to work, since these packets are listed as blocked in the log files.
Thank you again for all your support.
Patrice
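A small triage script for the [FILTER] syslog lines quoted in the post above, added here as an example; it is not part of Patrice's message nor a DrayTek tool. It parses the line format exactly as shown (`[FILTER][Block][direction, uptime][@S:R=set:rule, src:port->dst:port][proto][...]`), then tags each blocked packet against the policy the post describes: UDP from the SIP trunk address to the LAN on port 5060 or in the provider's stated RTP range 10000-60000, the modem's SSDP probes to 239.255.255.250:1900, and SIP arriving from anyone else. The provider address 198.51.100.5, the LAN 192.168.1.0/24, the UCM 192.168.1.10 and the sample log lines are all constructed for the example; the `@S:R=` tag is carried through without interpreting it.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in the [FILTER] syslog format quoted in the post.
# Addresses are invented: 198.51.100.5 stands in for the SIP trunk provider,
# 192.168.1.10 for the UCM, 192.168.2.1 for the fiber modem, 203.0.113.77 for
# an unrelated host on the internet sending SIP.
SAMPLE_LOG = """\
<134>Jun 9 18:02:59 DrayTek: [FILTER][Block][WAN->LAN/RT/VPN, 79:55:19 ][@S:R=13:1, 198.51.100.5:14506->192.168.1.10:17762][UDP][HLen=20, TLen=200]
<134>Jun 9 18:02:59 DrayTek: [FILTER][Block][WAN->LAN/RT/VPN, 79:55:19 ][@S:R=13:1, 198.51.100.5:14506->192.168.1.10:17762][UDP][HLen=20, TLen=200]
<134>Jun 9 18:03:01 DrayTek: [FILTER][Block][WAN->LAN/RT/VPN, 79:55:21 ][@S:R=13:1, 198.51.100.5:5060->192.168.1.10:5060][UDP][HLen=20, TLen=812]
<134>Jun 9 18:03:02 DrayTek: [FILTER][Block][WAN->LAN/RT/VPN, 79:55:22 ][@S:R=13:1, 192.168.2.1:49152->239.255.255.250:1900][UDP][HLen=20, TLen=165]
<134>Jun 9 18:03:05 DrayTek: [FILTER][Block][WAN->LAN/RT/VPN, 79:55:25 ][@S:R=13:1, 203.0.113.77:5062->192.168.1.10:5060][UDP][HLen=20, TLen=420]
"""

# Policy from the post, with assumed (constructed) addresses.
PROVIDER = ip_address("198.51.100.5")   # assumed: the SIP trunk's public address
LAN = ip_network("192.168.1.0/24")      # assumed: the internal network the pass rule covers
SSDP_GROUP = ip_address("239.255.255.250")
SIP_PORT = 5060
RTP_PORTS = range(10000, 60001)         # provider's stated RTP range, 10000-60000 UDP

# One regex for the fields that matter; the trailing [HLen=..., TLen=...] part is ignored.
LINE_RE = re.compile(
    r"\[FILTER\]\[(?P<action>\w+)\]"
    r"\[(?P<direction>[^,\]]+),[^\]]*\]"
    r"\[(?P<rule>@S:R=[^,]+),\s*"
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)\]"
    r"\[(?P<proto>\w+)\]"
)


def parse_line(line):
    """Return the fields of one [FILTER] log line, or None if the line is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        "action": m["action"],
        "direction": m["direction"],
        "rule": m["rule"],                # kept opaque; not interpreted here
        "src": ip_address(m["src"]), "sport": int(m["sport"]),
        "dst": ip_address(m["dst"]), "dport": int(m["dport"]),
        "proto": m["proto"],
    }


def classify(pkt):
    """Tag a parsed packet against the policy described in the post."""
    if pkt["dst"] == SSDP_GROUP and pkt["dport"] == 1900:
        return "ssdp-discovery"               # the modem's SSDP probes, log noise
    if pkt["src"] == PROVIDER and pkt["dst"] in LAN and pkt["proto"] == "UDP":
        if pkt["dport"] == SIP_PORT:
            return "provider-sip"             # signalling the provider asked to allow
        if pkt["dport"] in RTP_PORTS:
            return "provider-rtp"             # media inside the stated RTP range
        return "provider-other-port"          # from the provider, outside stated ports
    if pkt["dport"] == SIP_PORT:
        return "sip-from-unexpected-source"   # SIP towards the LAN from someone else
    return "other"


def summarize(log_text):
    """Count blocked packets per category, skipping lines that are not [FILTER] entries."""
    counts = Counter()
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt and pkt["action"] == "Block":
            counts[classify(pkt)] += 1
    return counts


if __name__ == "__main__":
    for category, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{category:28s} {n}")
```

Feed it a real syslog export (with the provider and LAN constants changed) and the "provider-rtp" and "provider-sip" buckets show how many of the blocked packets fall inside the ports the provider asked to be opened, while "ssdp-discovery" isolates the modem's probes so the remaining lines are easier to read; "sip-from-unexpected-source" is the bucket worth watching for SIP scanning.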