A nice thing about the SMC gateway used by Comcast is they will "auto" switch to bridged mode if you put a firewall with the public static IP behind it.

You can also plug clients directly into the SMC and it will still NAT them separately from the bridged static IP. So just assign the one static IP to the firewall and you won't have to worry about the SMC getting in the way.

-M

>>> Tony Graziano <[email protected]> 07/03/12 6:27 AM >>>

SMC's firewall will not allow static port NAT. Put the SMC in bridged mode. Use any firewall that will allow you to use a firewall with both static port NAT and the ability to disable any ALG (pfsense, iptables if correctly configured, etc.).

When you put the SMC in bridged mode it will hand out DHCP to your WAN using the 10.x address, but you can safely ignore it and use the public IP you have been provisioned with your real firewall.

On Mon, Jul 2, 2012 at 10:14 PM, [email protected] <[email protected]> wrote:

When requesting a static IP from Comcast they force you to use their CPE, an SMC modem/router combo, and then they provision the static with RIPv2. This leaves you with two usable IPs when you request one IP; one static that is bridged through, the other is the gateway IP in which clients behind the SMC NAT would go out.

I've set up sipxecs on the static IP only (multihome attempt was a failure) and phones are behind the NAT like so:

    WAN (gateway IP) -> SMC -> 10.1.10.0/24 -> Firewall -> 192.168.1.0/24 clients and phones
    WAN (public static IP) -> SMC -> sipxecs w/public static IP

I initially tried using the SMC's 10.1.10.0/24 NAT address space/firewall for clients but discovered quickly that I need to be able to set clients to 192.168.1.0/24 because of hard coded IPs inside their software/databases. For some reason the SMC just wouldn't let me set that address space and I can't change the hard coded IPs without major surgery.

Anyway, I'm seeing the two phones (Polycom 321's with 3.2.7 firmware and 4.2.1 bootrom) successfully register and then "freeze" right after loading sip.ld. They become completely unresponsive and the only thing I can do at that point is hard power cycle them.

Do I need to set up another sipxecs behind the NAT as a branch, or should both phones be able to stay registered with this setup using TCPPreferred transport?

The firewall is just a Linux box with iptables masquerading like so:

    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE

I've also tried using netfilter/conntrack and setting it to watch TCP, UDP, and RDP.

Thanks,
Matt

_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/

--
~~~~~~~~~~~~~~~~~~
Tony Graziano, Manager
Telephone: 434.984.8430
sip: [email protected]
Fax: 434.465.6833
~~~~~~~~~~~~~~~~~~
Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
Ask about our Internet Fax services!
~~~~~~~~~~~~~~~~~~
Using or developing for sipXecs from SIPFoundry? Ask me about sipX-CoLab 2013!

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: [email protected]

Helpdesk Customers: http://myhelp.myitdepartment.net
Blog: http://blog.myitdepartment.net
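The reply above asks for a firewall where any ALG can be disabled. On a Linux iptables box like the one in the original post, the SIP ALG is the netfilter conntrack helper, so this added example (not part of the thread) checks whether it is loaded. It assumes the helper is built as the modules nf_conntrack_sip and nf_nat_sip; the sample module list is constructed.

```shell
#!/bin/sh
# Added example: detect the netfilter SIP ALG (conntrack helper) on a Linux
# iptables firewall by reading a module list in /proc/modules format.
# Assumption: the helper is built as modules, not compiled into the kernel.

# Constructed sample of /proc/modules content (not taken from the thread).
SAMPLE_MODULES='nf_nat_sip 20480 0 - Live 0x0000000000000000
nf_conntrack_sip 36864 1 nf_nat_sip, Live 0x0000000000000000
nf_nat 49152 2 nf_nat_sip,iptable_nat, Live 0x0000000000000000
nf_conntrack 172032 3 nf_conntrack_sip,nf_nat_sip,nf_nat, Live 0x0000000000000000'

# Read a module list on stdin; print the loaded SIP helper modules on one line.
# Only the first field (the module name) is compared, so a module that merely
# lists a SIP helper among its dependents is not reported.
sip_alg_modules() {
    awk '$1 == "nf_conntrack_sip" || $1 == "nf_nat_sip" { print $1 }' |
        sort | paste -sd' ' -
}

# Read a module list on stdin; print a one-line verdict with the unload command.
sip_alg_report() {
    found=$(sip_alg_modules)
    if [ -n "$found" ]; then
        # nf_nat_sip depends on nf_conntrack_sip, so it is removed first.
        printf 'SIP ALG loaded (%s); unload with: modprobe -r nf_nat_sip nf_conntrack_sip\n' "$found"
    else
        printf 'SIP ALG not loaded\n'
    fi
}

# Report on the constructed sample, then on the running system if available.
printf '%s\n' "$SAMPLE_MODULES" | sip_alg_report
if [ -r /proc/modules ]; then
    sip_alg_report < /proc/modules
fi
```
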
