SMC's firewall will not allow static port NAT. Put the SMC in bridged mode. Use any firewall that will allow you to use a firewall with both static port NAT and the ability to disable any ALG (pfSense, iptables if correctly configured, etc.). When you put the SMC in bridged mode it will hand out DHCP to your WAN using the 10.x address, but you can safely ignore it and use the public IP you have been provisioned with your real firewall.

On Mon, Jul 2, 2012 at 10:14 PM, [email protected] <[email protected]> wrote:

> When requesting a static IP from Comcast they force you to use their CPE, a
> SMC modem/router combo, and then they provision the static with RIPv2. This
> leaves you with two usable IPs when you request one IP; one static that is
> bridged through, the other is the gateway IP in which clients behind the
> SMC NAT would go out. I've set up sipxecs on the static IP only (multihome
> attempt was a failure) and phones are behind the NAT like so:
>
> WAN (gateway IP) -> SMC -> 10.1.10.0/24 -> Firewall -> 192.168.1.0/24 clients and phones
>
> WAN (public static IP) -> SMC -> sipxecs w/public static ip
>
> I initially tried using the SMC's 10.1.10.0/24 NAT address space/firewall
> for clients but discovered quickly that I need to be able to set clients to
> 192.168.1.0/24 because of hard coded IPs inside their software/databases.
> For some reason the SMC just wouldn't let me set that address space and I
> can't change the hard coded IPs without major surgery. Anyway, I'm seeing
> the two phones (Polycom 321's with 3.2.7 firmware and 4.2.1 bootrom)
> successfully register and then "freeze" right after loading sip.ld. They
> become completely unresponsive and the only thing I can do at that point is
> hard power cycle them. Do I need to set up another sipxecs behind the NAT
> as a branch, or should both phones be able to stay registered with this
> setup using TCPPreferred transport? The firewall is just a Linux box with
> iptables masquerading like so:
>
>     iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
>
> I've also tried using netfilter/conntrack and setting it to watch TCP,
> UDP, and RDP.
>
> Thanks,
> Matt
>
> _______________________________________________
> sipx-users mailing list
> [email protected]
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

--
~~~~~~~~~~~~~~~~~~
Tony Graziano, Manager
Telephone: 434.984.8430
sip: [email protected]
Fax: 434.465.6833
~~~~~~~~~~~~~~~~~~
Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
Ask about our Internet Fax services!
~~~~~~~~~~~~~~~~~~
Using or developing for sipXecs from SIPFoundry? Ask me about sipX-CoLab 2013!
<http://sipxcolab2013.eventbrite.com/?discount=tony2013%22>

--
LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: [email protected]
Helpdesk Customers: http://myhelp.myitdepartment.net
Blog: http://blog.myitdepartment.net
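
An added example, not part of the original thread: a shell check for the two properties the reply asks of the firewall (no SIP ALG, source ports left unchanged), run here over constructed `lsmod` and `iptables-save -t nat` output. The function name `audit_sip_nat` and the sample data are assumptions; `nf_conntrack_sip` and `nf_nat_sip` are the netfilter SIP helper modules.

```shell
#!/bin/sh
# Audit a Linux NAT box for a SIP-friendly setup:
#   1. no SIP ALG (the netfilter SIP conntrack/NAT helpers are not loaded)
#   2. "static port" NAT (no rule asks netfilter to randomize source ports)
# On a live box the inputs would come from:  lsmod  and  iptables-save -t nat

# Constructed sample input (not taken from the thread's systems).
SAMPLE_LSMOD='Module                  Size  Used by
nf_nat_sip             20480  0
nf_conntrack_sip       36864  1 nf_nat_sip
iptable_nat            16384  1'

# First rule is the one quoted in the thread; the second is constructed.
SAMPLE_NAT='*nat
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.1.10.0/24 -o eth0 -j MASQUERADE --random
COMMIT'

# audit_sip_nat LSMOD_TEXT NAT_RULES_TEXT
# Prints one finding per line; prints nothing when both checks pass.
audit_sip_nat() {
    lsmod_txt=$1
    nat_txt=$2

    # SIP ALG: these modules rewrite addresses inside SIP/SDP payloads.
    printf '%s\n' "$lsmod_txt" | awk '
        $1 == "nf_conntrack_sip" || $1 == "nf_nat_sip" {
            print "ALG: module " $1 " is loaded"
        }'

    # MASQUERADE/SNAT keep the original source port when it is free,
    # unless the rule carries --random or --random-fully.
    printf '%s\n' "$nat_txt" | awk '
        /^-A POSTROUTING/ && /-j (MASQUERADE|SNAT)/ && /--random/ {
            print "PORT: source port randomized by: " $0
        }'
}

audit_sip_nat "$SAMPLE_LSMOD" "$SAMPLE_NAT"
```

A finding on the `ALG:` lines is cleared by unloading and blacklisting the two helper modules; a `PORT:` finding is cleared by dropping the `--random` option from the rule.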
