Newbie Question - about using a DECT SIP phone and port forwarding ?

Could any kind soul please explain something to a total newbie.

I am considering getting the Samsung C460IP DECT VOIP phone. I already
have an account with voip.co.uk. I believe that the C460IP can be used
with the DHCP server in my ADSL Modem/Router to have an IP address on
my local network dynamically allocated. So far so good.

Having studied this group for some months I see posts about forwarding
some of the usual SIP ports to ATA's like the PAP2. Ports such as 5060
and 5061 seem common. If the Samsung phone obtains a dynamically
allocated IP address, is there still a need for port forwarding from
the router?

I can understand that if I give the Samsung phone a static address
then I can set the port forwarding in my router, but how does this
work with a local dynamic IP?

Thanks for any info.

Roger.

On Sun, 28 Jan 2007 09:07:01 +0000, Roger Baker <me@privacy.net>
wrote:

>Could any kind soul please explain something to a total newbie.
>
>I am considering getting the Samsung C460IP DECT VOIP phone. I already
>have an account with voip.co.uk. I believe that the C460IP can be used
>with the DHCP server in my ADSL Modem/Router to have an IP address on
>my local network dynamically allocated. So far so good.
>
>Having studied this group for some months I see posts about forwarding
>some of the usual SIP ports to ATA's like the PAP2. Ports such as 5060
>and 5061 seem common. If the Samsung phone obtains a dynamically
>allocated IP address, is there still a need for port forwarding from
>the router?
>
>I can understand that if I give the Samsung phone a static address
>then I can set the port forwarding in my router, but how does this
>work with a local dynamic IP?
>
>Thanks for any info.
>
>Roger.
These are two different things. On the IP side there is NAT. This is
where the local IP, no matter how it is generated, fixed or DHCP, is
translated to one which will connect you to the internet.
Ports are different. Yes, some may need to be forwarded but these are
not IP addresses. Whatever the method of IP allocation the port
numbers remain the same. If your phone is connecting into your router
then the port forwarding will apply just the same whether the IP is
dynamically assigned or fixed.
Remove 'no_spam_' from email address.

On 2007-01-28, Roger Baker <me@privacy.net> wrote:

> Could any kind soul please explain something to a total newbie.
>
> I am considering getting the Samsung C460IP DECT VOIP phone. I already
> have an account with voip.co.uk. I believe that the C460IP can be used
> with the DHCP server in my ADSL Modem/Router to have an IP address on
> my local network dynamically allocated. So far so good.

Samsung? Should that not be Siemens?

> Having studied this group for some months I see posts about forwarding
> some of the usual SIP ports to ATA's like the PAP2. Ports such as 5060
> and 5061 seem common. If the Samsung phone obtains a dynamically
> allocated IP address, is there still a need for port forwarding from
> the router?

The C460IP has support for STUN. Use a STUN server. If the only calls to
be received are on a line registered to voip.co.uk then that makes port
forwarding unnecessary.

Brian.

On Sun, 28 Jan 2007 09:07:01 +0000, Roger Baker <me@privacy.net>
wrote:

>I can understand that if I give the Samsung phone a static address
>then I can set the port forwarding in my router, but how does this
>work with a local dynamic IP?

port forwarding is in general not required as the STUN protocol works
around the NAT.

The phone (Siemens ?) registers to the SIP provider and makes a
connection through the NAT firewall, incoming calls are signalled
through that connection.

Phil
--

Usenet spam eaten by a Hamster http://www.tglsoft.de/
No more cable clowns :-))
Please do not feed or re-quote the trolls.

On Sun, 28 Jan 2007 10:01:20 GMT, Brian A
<no_spam_bca1000@hotmail.com> wrote:

>These are two different things. On the IP side there is NAT. This is
>where the local IP, no matter how it is generated, fixed or DHCP, is
>translated to one which will connect you to the internet.
>Ports are different. Yes, some may need to be forwarded but these are
>not IP addresses. Whatever the method of IP allocation the port
>numbers remain the same. If your phone is connecting into your router
>then the port forwarding will apply just the same whether the IP is
>dynamically assigned or fixed.
>Remove 'no_spam_' from email address.

Thanks for the info Brian. The thing that has me confused is that on
my D-Link 504 modem-router it allows me to set up port forwarding.
Basically, it allows me to set any Internet port to forward to a local
IP on my LAN. So, for example, I could set the router to forward any
incoming data on port 5060 to 192.168.0.6, which is my existing PAP2.
I know that a port is not an IP, but I am succeeding in confusing
myself here.

Am I barking up the wrong tree here?

Roger.

On Sun, 28 Jan 2007 13:12:58 +0000, Roger Baker <me@privacy.net>
wrote:

> I could set the router to forward any
>incoming data on port 5060 to 192.168.0.6, which is my existing PAP2.

you could, but you don't need to. The above would be helpful if
unsolicited data arrived at your IP destined for the PAP2 but isn't
necessary if the PAP2 has STUN running and registered as the data will
arrive in a form expected by the NAT firewall and automagically sent
to the PAP2.

An analogy is a web browser, you don't have to port forward web
traffic to the client PC as it was requested by the browser and comes
as part of an existing session so gets routed accordingly.

Phil
--

Usenet spam eaten by a Hamster http://www.tglsoft.de/
No more cable clowns :-))
Please do not feed or re-quote the trolls.

On Sun, 28 Jan 2007 15:02:17 +0000, Phil Thompson
<phil.thompson@spamcop.net> wrote:

>unsolicited data arrived at your IP destined for the PAP2 but isn't
>necessary if the PAP2 has STUN running and registered as the data will
>arrive in a form expected by the NAT firewall and automagically sent
>to the PAP2.

Thank you very much Phil for the insight.

Just one final question. What would be the address and port number of
a good STUN server to use?

Many thansk,

Roger.

On 2007-01-29, Roger Baker <me@privacy.net> wrote:

> Just one final question. What would be the address and port number of
> a good STUN server to use?

You could ask voip.co.uk whether they have one, but meanwhile there is
stun.sipgate.net:10000.

Brian.

Roger Baker wrote:
> Could any kind soul please explain something to a total newbie.
>
> I am considering getting the Samsung C460IP DECT VOIP phone. I already
> have an account with voip.co.uk. I believe that the C460IP can be used
> with the DHCP server in my ADSL Modem/Router to have an IP address on
> my local network dynamically allocated. So far so good.


Voip.co.uk is a decent service provider.

You don't ever need to do any port forwarding with them. Doing port
forwarding is actually quite likely to mess it up.

Providing your nat/router is fairly standard, it will just work.

Tim

Roger Baker wrote:
>
> Just one final question. What would be the address and port number of
> a good STUN server to use?

Just never ever ever ever use Stun.

It just doesn't help. We've moved on a bit since 2001 :)

Using stun with voip.co.uk will probably break more things than in helps.

Tim

On 2007-01-30, Tim <nutnews@kooky.org> wrote:

> Just never ever ever ever use Stun.
>
> It just doesn't help. We've moved on a bit since 2001 :)
>
> Using stun with voip.co.uk will probably break more things than in helps.

I'm intrigued by this advice. I cannot say I am perplexed because that
would require me to have a good understanding of how STUN works. And I
don't.

Is it possible for you to expand on the reasons for avoiding the use of
STUN? Is it applicable for all situations or only when a VoIP provider
is involved?

Brian.

Brian wrote:
> I'm intrigued by this advice. I cannot say I am perplexed because that
> would require me to have a good understanding of how STUN works. And I
> don't.
>
> Is it possible for you to expand on the reasons for avoiding the use of
> STUN? Is it applicable for all situations or only when a VoIP provider
> is involved?


First, a little background.

When I wrote my original post, I had spent part of the afternoon with a
senior employee of a well known voip provider. Who said `One of our
biggest problems is customers who put a stun server setting in or who
insist it won't work without Stun`

[sorry for the vague wording, but I know lots about how most of the
major voice networks are setup, and I try not expose commercially
sensitive information]

Anyway.

Why Stun is a bad idea in a modern voip network.

How Stun works.

You have a device behind a NAT router on a private IP address.

The idea for a phone to work out what is the public IP address on the
outside of the NAT router. The phone then uses this IP address in the
via parts of SIP messages and in the SDP packets.

The problem is, this will only work for certain kinds of NAT devices.
The ones that don't do very much checking on inbound packets. On most
routers, stun doesn't help at all. Sometime it can make things appear
worse by letting your SIP registration work, but then call audio will be
in one direction.

But, most SIP service providers deploy Session Border Controllers, or a
B2BUA that is completely symmetric. These will work for almost any nat
with no faffing around.

They usually work by comparing the IP address in the via line with the
IP address and port the packet was actually received from. Also, the
server can check whether the presented IP address is a private IP
address, as defined by RFC 1918.

The SIP server can make informed choices about what to do, based on
whether it thinks the client is behind a NAT.

When a stunned client connects, the SIP server believes the device is on
a public IP address. The device may actually be behind a symmetric
nat, where the stun is not going to help the device make successful calls.

In summary

1) If you take installations in the wild - an average ADSL router in an
average house or small business, stun is very unlikely to work because
the router will still block the incoming RTP.

2) Stun can stop SIP servers nat traversal systems working.


If a SIP service provider suggests Stun as a nat traversal option, then
they are having a laugh.

Use a decent SIP provider with session border controllers, or just get a
public IP address for your SIP phone.


Personally, Stun feels so like a 2002 protocol, and we've moved on a
long way since then.

There is a thing called ICE, which does help for NAT traversal, but it
isn't widely implemented.



I hope this explains in a useful way. Brain is a bit tired now.

Tim