Need a bit help while brainstorming.
My setup is Vodafone cable → FritzBox 6591 (exposed host) → IPfire → green network → Windows 10 client with WinSIP.
Goal is to use WinSIP for phoning of course outgoing and incoming via the FritzBox.
I’ve successfully set up WinSIP and are connected to the FritzBox, after adding a new firewall rule. The rule allows, for testing purposes right now, all ports of my Windows10 host to connect to the red network.
So basically I can start a call drom WinSIP to any external number. Unfortunately the target number does not hear me nor do I hear any voice on my side.
Next issue: when an external call arrives using the configure SIP phone number, WinSIP does not notice this call.
This leads to my assumption that the Fritzbox and IPFire don’t forward certain ports, I assume 5060 and maybe 5061?
If this is true, how would I’ve to setup a firewall rule that any SIP call, is forwarded to my Windows10, or WinSIP client?
Is this a common setup? Will this probably open any security holes to my Windows client, similar when opening port 80 and forwarding to any webserver behind Fritzbox and IPFire?
So anyone having a similar setup and can share their experiences?
Thanks, Michael
I use a combination of IPFire, Fritzbox and a SIP Software too and had similar problems. Maybe I can help you.
My set-up: Internet — Cable modem (bridge) — IPFire ---- Fritzbox
In my case the problem was that after IPFire dropped the ALG feature, after a short period of time port 5060 or 5061 got cut-off so incoming calls didn’t pass through IPFire. Therefore the phones attached to Fritzbox didn’t ring.
So I needed to tell Fritzbox to keep the connection alive every 30 seconds or so. And I got help in this community. All I needed to do is (on Fritzbox): Eigene Rufnummern → Anschlusseinstellungen → Portweiterleitung des Internet-Routers für Telefonie aktiv halten. → 30 Sek.
And the best thing: No portforwarding, no pinholes, no rules necessary to set up on IPFire. Works fantastic. Fritzbox connects to the phone provider and keeps the connection alive.
So if you have your Fritzbox behind IPFire on the green side, this might do the trick for you too.
I knew this posting already, thanks anyway for linking, and have read about those issues with ALG, however, my setup differs slightly and this maybe the cause of the problems I’m facing right now, although I guess it’s not uncommon and I still hope it can be solved in any way.
I’ve chosen my setup, FritzBox 6591 as cable modem (before IPFire) because I could setup my phone device to get dedicated numbers and answer accordingly.
If I put the FritzBox behind a provider modem, I must plug in my phone line into a single plug in to the cable mode and all internal phones ring by any incoming call.
While my current setup works now for DECT devices, I now see some issues with SIP phone software.
The FritzBox can be seen from internal device although it is before the IPFire box. It has the IP-address 172.17.0.1 so I’m using this address as the SIP server in e.g. software MicroSIP. The software can reach out for the FritzBox and login correctly.
The settings you have mentioned, Alain, are not applicable in my case because I do not use any port forwarding from the FritzBox to IPFire. IPFire is setup as an exposed host in the FritzBox and all traffic from WWW get’s unfiltered to IPFire.
For this reason and for testing purposes, I’ve added a new rule from green to red to allow ports 5060 and 5061. But his is only a one way for IMO outgoing calls. Although I cannot hear myself speaking and cannot hear the person on the target talking to me - guess this is another story.
What’s more: any incoming calls at my dedicated SIP number does not reach my Windows PC. I bet another FW rule has to be set in place: RED (5060-5061) to my host. So, I will give this a try now
So without adding any rules to the firewall, I can call any external phone number as well as seeing any incoming call on the SIP client, running on my local PC.
FYI, I’ve changed some settings in MicroSIP, the client SIP software I’m using and out of a sudden, I see those above mentioned calls.
BUT, the target cannot hear me or vice versa. Guess some ports are still missing since no audio is transmitted so far…
Just a question: Do you connect your PC with MicroSIP to your Fritzbox or to your phone provider? I mean is Microsip talking to your fritzbox or directly to your phone company?
I connect MicroSIP to the FritzBox which opens the connection to Vodafone.
However, I now could solve this issue. I had to add one single FW rule to get this running:
Source: Hosts = Windows PC with MicroSIP
no NAT
Destination: Hosts = FritzBox
Ports: 7078-7110 (UDP), 5060 (TCP), 5060 (UDP), 5061 (TCP), 5061 (UDP)
That’s all and it works now. I can answer incoming calls and can ring to external flawlessly.
I wonder why I do not need DNAT or similar as some have already posted in similar threads, but who cares
