Menu
What's new
By:
Filters Better Search

Firewall Not Blocking inbound SIP Traffic

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

M

Mike S

Regular Contributor
I have an RT-AC68U router running Asuswrt Merlin running 384.18. I have the firewall enabled. I have a SIP VOIP phone connected to the router on my LAN. Today, I started getting a tone of ghost calls on the phone. I turned on the packet trace and discovered lots of inbound SIP traffic from a 198.23.xx.xx network addressed to the phone on my LAN.

How can this happen? I don't have any Port Forwarding configured.
 
Mike S said:
I have an RT-AC68U router running Asuswrt Merlin running 384.18. I have the firewall enabled. I have a SIP VOIP phone connected to the router on my LAN. Today, I started getting a tone of ghost calls on the phone. I turned on the packet trace and discovered lots of inbound SIP traffic from a 198.23.xx.xx network addressed to the phone on my LAN.

How can this happen? I don't have any Port Forwarding configured.
Click to expand...
Upnp created a port forward?
 
Mike S said:
I have an RT-AC68U router running Asuswrt Merlin running 384.18. I have the firewall enabled. I have a SIP VOIP phone connected to the router on my LAN. Today, I started getting a tone of ghost calls on the phone. I turned on the packet trace and discovered lots of inbound SIP traffic from a 198.23.xx.xx network addressed to the phone on my LAN.

How can this happen? I don't have any Port Forwarding configured.
Click to expand...

It's not a router firewall issue... it's your phone willing to talk to whoever calls.

Check your phone's SIP account configuration for settings to reject anonymous SIP calls such as:
AcceptSipFromRegistrarOnly = enabled
EnforceRequestUserID = enabled
Check SIP User ID for Incoming INVITE = yes
Accept Incoming SIP from Proxy Only = yes
Authenticate Incoming INVITE = yes

Basically, you want to only accept SIP connections from your SIP service provider.

Also, set your phone's SIP account configuration to use a local user agent port other than 5060, such as 65061 to hide from SIP scanners... security by obscurity. If you have more than one SIP account registered on the phone, make the next port 65062, etc.

Do disable router WAN\NAT Passthrough\SIP Passthrough. These SIP helpers have caused issues like one-way audio on calls.

OE
 
Last edited:
You must log in or register to reply here.

Similar threads

Q
VPN Fusion and firewall/port forwarding
Replies
0
Views
169
qpeg
Q
C
Incoming SIP Calls drop after 5 mins could this be UDP timeout? on RT-AX86U
Replies
4
Views
553
craigywsm
C
H
Solved Beginners firewall question.
Replies
6
Views
786
Henk-J
H
B
Firewall lan - vpn?
Replies
0
Views
269
blast
B
John Tetreault
How to open ipv6 firewall to a port on the router?
Replies
4
Views
604
sfx2000
sfx2000
Similar threads
Thread starter Title Forum Replies Date
D Blocking GoogleDNS & others via Diversion, Firewall-NSF &/or static routing Asuswrt-Merlin 11
fffddd URL filtering in the firewall does not take effect Asuswrt-Merlin 7
G Feature request: firewall url filter log Asuswrt-Merlin 0
B Firewall lan - vpn? Asuswrt-Merlin 0
John Tetreault How to open ipv6 firewall to a port on the router? Asuswrt-Merlin 4
C Port Forwarding and Firewall - not working as I expect Asuswrt-Merlin 4
C IPv4 Firewall/Port-Forwarding - Appear to be the same thing on Asuswrt Asuswrt-Merlin 4
colourofsound Asus-Merlin Firewall Asuswrt-Merlin 24
H Solved Beginners firewall question. Asuswrt-Merlin 6
S Cannot ping/skynet will not work while Firewall is Enabled. Asuswrt-Merlin 2

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 791 (members: 34, guests: 757)
Top