RT31P2 behind an SBG900 Firewall, need to figure out ports.

Posts: 2 · New Forum Member Joined: Mar 04, 2009 Posts: 2

I've just switched over to cable internet after having DSL for two years. My previous setup had the RT31P2 before the wireless router and firewall, but now I'm using an SBG900 cable modem/wireless router. I then have the ethernet connection going to my RT31P2.

So my RT31P2 is downstream of the firewall.

I spent a good portion of last night on the phone with Vonage help trying to get the phones to work and their official stance is to disable the firewall in the SBG900.

Um... No thanks.

I need to figure out what ports the RT31P2 uses with Vonage so I can make a port forwarding/firewall rule in the SBG900.

The Vonage help guy said Port 53 UDP, 5061 UDP or port range 10000:20000.

I tried both methods and neither method worked.

Anyone have an RT31P2 behind a firewall? What firewall rules did you set up to get it to talk?

Posts: 656 · Posted: Wed Mar 04, 2009 6:44 am Post subject:

The only way Vonage will work properly when used with any SBG series is to disable the firewall. Port forwarding and DMZ does not help. People need to start understanding the purpose of port forwarding and then you will understand why it does not help. But if your unwilling to disable the firewall in the SBG-900, then you may as well just cancel Vonage now because it will never work 100% if you don't. Only other option is to get a standalone modem without a built in router

Posts: 2 · New Forum Member Joined: Mar 04, 2009 Posts: 2

Then help me to understand.

I can have my xbox connect to the internet, send out and make a connection to XBOX Live, receive an incoming connection and transfer data. All of this by using port 88 UDP and 3074 UDP/TCP.

A Vonage phone box will connect to the net using some port and transfer data to and from the Vonage servers.

What makes Vonage different from an XBOX transfer? Is it not still just transferring data through port to a server somewhere?

Posts: 350 · Vonage Forum Evangelist Joined: Dec 04, 2005 Posts: 350

Contrary to popular belief, enabling port forwarding or DMZ does not bypass the firewall. All the data still goes through the firewall (when enabled). The problem is that the SGB900's firewall thinks that the Voip traffic is something that it should block.

The only way around it is to disable to firewall. Doing so does not disable NAT, which is really the thing that keeps your computers safe.

Posts: 656 · Posted: Wed Mar 04, 2009 10:36 am Post subject:

It has nothing to do with the port. The source port of your device for the SIP protocol is 10000. The destination port for the SIP proxy is 10000. The firewall is not blocking based upon IP or port. It is inspecting the packet and does not like the algorithm so it blocks it. This is because it has an Application Layer Gateway which finds the SIP protocol and tries to perform what is believes is a help mechanism but actually breaks it.

Your device will send out a Register every 20 seconds and under normal conditions will get a response back. This what keeps the NAT pinhole open. However, your SBG-900 is not letting the response pass back to the Vonage adapter. This is why port forwarding does nothing to help.

Port forwarding is used when a service is idle and just waiting for a connection. When a packet arrives from outside your NAT firewall on the Public IP, the NAT table will know how to translate that packet back to the Private IP of the host machine for the service because you told it where to go when a certain port was hit on from the outside.

So since the Vonage adapter sends out a Register packet, it is the same as you opening your web browser and going to google.com. Packets are sent out and come back in through the same pinhole. This is why you don't have to forward port 80 to establish an HTTP connection and why it is not needed for Vonage.

However, because your firewall is doing something based upon the SIP protocol, there is nothing Vonage can do to assist you. Should you choose not to completely disable the firewall, the service will not work.

I have been with Vonage for 6 years and am one of the approvers of placing the SBG-900 and SBG-1000 on the problem hardware list and making the only workaround disabling the firewall. This has come from seeing numerous customers over the years run into the same issue when using these modems. Even if by some mystery you were able to get it to register and get dial tone, in a few days, weeks, or months from now, something would trigger the firewall to start blocking SIP again leaving you without dial tone. In addition, the SBG series firewall will also cause no audio or 1 way audio conditions. I assume the difference in the customer experience is the firmware on the SBG modem.