Firewall error reported on router, when making outbound calls

pnf
Grafter
Posts: 266
Registered: 07-11-2007

Firewall error reported on router, when making outbound calls

When making calls, the following error is reported in my router’s event log:
“FIREWALL replay check (1 of 1):  Protocol: ICMP  Src ip: xx.xx.xx.xx  Dst ip: 194.165.60.134  Type: Destination Unreachable  Code: Port Unreachable”
The calls made seem to be OK, but does this indicate that there is a configuration problem either on my router or on Gradwell’s server? 

Router: 
Speedtouch 780WL
Software Version:
Flash image: 6.2.17.5.0
Build name: ZZOGCT6.2H5
Service Configuration settings:
Registrar: lon-pbx-12.gradwell.net
Registrar Port: 5060
Proxy: nat.plus.net
Proxy Port: 5082
Expire Time: 3600
Firewall Security Setting:
Standard
19 REPLIES
RichSmol
Grafter
Posts: 709
Registered: 29-10-2007

Re: Firewall error reported on router, when making outbound calls

I'm just checking with Gradwell that you are still on the white list to connect to the PBX12 server. I'll let you know when I get a response - I'm presuming that's the problem at the moment.
pnf
Grafter
Posts: 266
Registered: 07-11-2007

Re: Firewall error reported on router, when making outbound calls

My router registers with the PBX12 server.  Could it be something to do with the proxy settings?  In another thread it was mentioned that because the Speedtouch 780 was SIP aware the proxy settings weren't strictly necessary but I was unable to clear those settings.
RichSmol
Grafter
Posts: 709
Registered: 29-10-2007

Re: Firewall error reported on router, when making outbound calls

This extension is still assigned to pbx 12
There have been no server side configuration changes, which would suggest a hardware issue here.
Have you made any config changes to your device lately? e.g. Settings and/or firmware?
I would suggest we double check the VoIP config, and ensure all port forwarding rules are still in place. Please can you provide any advanced settings info for me?
pnf
Grafter
Posts: 266
Registered: 07-11-2007

Re: Firewall error reported on router, when making outbound calls

I tried the latest firmware (62T3) but that did not resolve this issue and so I went back to the original firmware (62H5) so as not to introduce any additional issues.  No settings have been changed.  The VOIP service configuration information is as posted above.  The SIP URI, username and password are entered on the Telephone Identity page and they have not changed.  I haven't configured anything else on the router, no port forwarding rules etc.
RichSmol
Grafter
Posts: 709
Registered: 29-10-2007

Re: Firewall error reported on router, when making outbound calls

What actually happens when you try and make the call? i.e. dead tone, no tone, call cuts off, no outbound audio but call connects?
pnf
Grafter
Posts: 266
Registered: 07-11-2007

Re: Firewall error reported on router, when making outbound calls

The calls work fine.  I raised this issue because of the error reported in the event log each time I make an outbound call.
RichSmol
Grafter
Posts: 709
Registered: 29-10-2007

Re: Firewall error reported on router, when making outbound calls

Help from Gradwell on this one.....
Is your firewall just trying to ping the nat proxy on some port, which itself is then not responding and causing the log message?
Can the ping check be turned off to just stop the messages from appearing?
I think we need to understand what is causing the message to be initiated on the router.
pnf
Grafter
Posts: 266
Registered: 07-11-2007

Re: Firewall error reported on router, when making outbound calls

In response to the first two questions, I really do not know the answer to them, but hopefully the following information will help in some way:
The equipment involved is as follows:
    Speedtouch 780WL router
    Cordless DECT Phone with base station attached to the router
The message on the router is triggered by making a VOIP call from the DECT phone, via the Speedtouch 780WL router.  When such a call is made the following events are reported in the router’s event log:
    Call initiated on Dect Phone:
          Mar 26 23:48:16 VOIP: Send INVITE
          Mar 26 23:48:16 VOIP: Recv 100 Trying
          Mar 26 23:48:16 VOIP: Recv 407 Proxy Authentication Required
          Mar 26 23:48:16 VOIP: Send ACK
          Mar 26 23:48:16 VOIP: Send INVITE
          Mar 26 23:48:16 VOIP: Recv 100 Trying
          Mar 26 23:48:17 VOIP: Recv 183 Session Progress
          Mar 26 23:48:17 FIREWALL replay check (1 of 4): Protocol: ICMP
                                Src ip: xx.xx.xx.xx    Dst ip: 194.165.60.134
                                Type: Destination Unreachable    Code: Port Unreacheable
          Mar 26 23:48:18 VOIP: Recv 180 Ringing
          Mar 26 23:48:22 VOIP: Recv 200 OK
          Mar 26 23:48:22 VOIP: Send ACK
          Mar 26 23:48:38 VOIP: Send REGISTER
          Mar 26 23:48:38 VOIP: Recv 200 OK
    Call terminated from DECT Phone:
          Mar 26 23:48:41 VOIP: Recv BYE
          Mar 26 23:48:41 VOIP: Send 200 OK
          Mar 26 23:49:06 VOIP: Send REGISTER
Note that the Src ip address (xx.xx.xx.xx) that is reported is the dynamic ip address that is allocated to my router when it connects to the force9 broadband service.
The FIREWALL message is from the router’s firewall, which is set to the ‘standard’ setting, no additional adjustments or tweaks have been made.
That is really all that I am able to tell you about how the message is initiated on the router.

As an aside, from my computer, I am able to ping the destination ip address, 194.165.60.134, and the result is as follows:
> ping 194.165.60.134
Pinging 194.165.60.134 with 32 bytes of data:
Reply from 194.165.60.134: bytes=32 time=38ms TTL=57
Reply from 194.165.60.134: bytes=32 time=32ms TTL=57
Reply from 194.165.60.134: bytes=32 time=36ms TTL=57
Reply from 194.165.60.134: bytes=32 time=32ms TTL=57
Ping statistics for 194.165.60.134:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 38ms, Average = 34ms
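
An added example (not part of the original posts): a small parser for the event log excerpt posted above that lines each FIREWALL ICMP entry up with the SIP messages logged on either side of it, which is the correlation the thread is doing by eye. The function names and the placeholder year are assumptions; the log lines are copied from the post, including the router's spelling.

```python
import re
from datetime import datetime

# Event log lines as posted in the thread (source address masked by the poster).
LOG = """\
Mar 26 23:48:16 VOIP: Send INVITE
Mar 26 23:48:16 VOIP: Recv 100 Trying
Mar 26 23:48:17 VOIP: Recv 183 Session Progress
Mar 26 23:48:17 FIREWALL replay check (1 of 4): Protocol: ICMP
                      Src ip: xx.xx.xx.xx    Dst ip: 194.165.60.134
                      Type: Destination Unreachable    Code: Port Unreacheable
Mar 26 23:48:18 VOIP: Recv 180 Ringing
"""

STAMP = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (.*)$")
FIELD = re.compile(r"(Protocol|Src ip|Dst ip|Type|Code): (.*?)(?=\s{2,}|$)")

def parse_events(text):
    """Return [(datetime, message)]; indented lines continue the previous entry."""
    events = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            # The log carries no year; 2000 is an assumed placeholder.
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            events.append([ts, m.group(2)])
        elif events and line.strip():
            events[-1][1] += "  " + line.strip()
    return [(ts, msg) for ts, msg in events]

def correlate(events):
    """For each firewall entry, give its ICMP fields and the neighbouring SIP messages."""
    findings = []
    for i, (ts, msg) in enumerate(events):
        if not msg.startswith("FIREWALL"):
            continue
        fields = dict(FIELD.findall(msg))
        prev = next(((t, m) for t, m in reversed(events[:i]) if m.startswith("VOIP:")), None)
        nxt = next(((t, m) for t, m in events[i + 1:] if m.startswith("VOIP:")), None)
        findings.append({
            "time": ts.strftime("%H:%M:%S"),
            "dst": fields.get("Dst ip"),
            "icmp": (fields.get("Type"), fields.get("Code")),
            "after_sip": prev[1][6:] if prev else None,
            "seconds_after": (ts - prev[0]).total_seconds() if prev else None,
            "before_sip": nxt[1][6:] if nxt else None,
        })
    return findings
```

Calling `correlate(parse_events(LOG))` on a longer capture shows whether the ICMP entry always follows the same SIP response, which is useful to have in hand before deciding to change a firewall setting.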

RichSmol
Grafter
Posts: 709
Registered: 29-10-2007

Re: Firewall error reported on router, when making outbound calls

The plot thickens....I think this thread hints at the same kind of problem.
http://www.speedtouch.net.nz/forum/topic.asp?TOPIC_ID=151
I've asked Gradwell to help us out with the telnet session - I think we can simply turn this check off without any problems.
RichSmol
Grafter
Posts: 709
Registered: 29-10-2007

Re: Firewall error reported on router, when making outbound calls

OK, I've been in contact with Gradwell and I think we've worked out a way of turning these firewall checks off. Obviously, it's entirely up to you whether you want these checks turning off - as far as I/Gradwell can tell these checks are not priority firewall checks and if you have Windows Firewall turned on you will be sufficiently covered.
In order to turn the checks off you need to telnet into the router. Steps outlined below:
type 'cmd' in the run command
type 'telnet'
type 'o <IP of the router>'
type 'firewall'
type 'config ICMPchecks=none'
type 'saveall'
For future reference you can see the telnet commands by typing '?'.
Let me know if you need any further help.
pnf
Grafter
Posts: 266
Registered: 07-11-2007

Re: Firewall error reported on router, when making outbound calls

Thanks for your help with this Rich.  I disabled ‘icmpchecks’ on the router, made a test call and sure enough there were no firewall errors reported on the router.  After the test I re-enabled icmpchecks so as not to mask the issue and to put the router back to its default state.
Have Gradwell got any views as to what is going on here?  Obviously my router is sending information to the Gradwell server which is being rejected and in my mind this is indicative of some kind of a problem, even though I am able to make calls.
I have been carrying out a number of tests this evening and I can resolve the problem by changing the Proxy settings on the router as follows:
Original settings:
Proxy: nat.plus.net
Proxy Port: 5082
New Settings:
Proxy: lon-pbx-12.gradwell.net
Proxy Port: 5060
With the new proxy settings, I no longer get the firewall error on the router and I am still able to make and receive calls.  Am I correct in assuming that it is OK to use these new proxy settings?
RichSmol
Grafter
Posts: 709
Registered: 29-10-2007

Re: Firewall error reported on router, when making outbound calls

Not too sure why that would work to be honest - Gradwell have to manually add users to the lon-pbx-12.gradwell.net server to allow connectivity through it. The lon-pbx-12.gradwell.net server is designed to be a SIP server not a proxy server so I'm not too sure what use that is actually bringing. Have you tried removing settings? Maybe the device doesn't need an outbound proxy and this is managed somewhere else already?
pnf
Grafter
Posts: 266
Registered: 07-11-2007

Re: Firewall error reported on router, when making outbound calls

When I was switched over to the lon-pbx-12.gradwell.net server it was suggested that the proxy settings should be removed.  However, via the browser interface, the Speedtouch 780WL would not allow the proxy settings to be removed.  Is there a way of achieving this via the Command Line Interface of the router?  In the meantime, I will put the proxy settings back to nat.plus.net and 5082.
For information, I noticed that whilst the router was set to use lon-pbx-12.gradwell.net as the proxy server, it registered with the service every hour (3600 seconds) rather than 28 seconds.
pnf
Grafter
Posts: 266
Registered: 07-11-2007

Re: Firewall error reported on router, when making outbound calls

Thanks PJ
I have just done a trace route on 194.165.60.134 and the results are as follows:
>tracert 194.165.60.134
Tracing route to lon-ppc-3.gradwell.net [194.165.60.134]
over a maximum of 30 hops:
  1    6 ms  100 ms    99 ms  speedtouch.lan [192.168.1.254]
  2    39 ms    37 ms    35 ms  lo0-homesurf.ptn-ag1.plus.net [195.166.128.124]
  3    34 ms    34 ms    33 ms  ge1-0-0-306.ptn-gw02.plus.net [84.92.3.21]
  4    35 ms    39 ms    35 ms  ge0-1-0-31.ptn-gw1.plus.net [195.166.129.1]
  5    37 ms    37 ms    37 ms  te2-2.thn-gw1.plus.net [212.159.1.54]
  6    35 ms    62 ms    40 ms  193.203.5.203
  7    39 ms    41 ms    42 ms  unit360.ge0-0-2.bdr3.thdo.gradwell.net [194.165.60.153]
  8    39 ms    38 ms    40 ms  unit2.ge0-0-1.bdr1.thdo.gradwell.net [194.165.60.2]
  9    46 ms    42 ms    37 ms  lon-ppc-3.gradwell.net [194.165.60.134]
Trace complete.
The server is definitely visible, so I suspect your suggestion that one of the servers may be set to ignore ICMP is likely to be the case.  Maybe the Gradwell engineers will confirm or otherwise.