Hello everyone!
There seems to be a strange problem with m0n0wall.
Here is the scenario:
- Factory reset m0n0wall (latest stable 1.2x version)
- LAN IP address changed to: 10.1.0.2/16
- WAN set to PPPoE for Internet connectivity
- DHCP server set to a small range
Immediately after reboot, with the /16 subnet mask, most of the SIP phones are unable to register to the remote server. It seems as if m0n0wall doesn't map ports correctly or is not willing to map more than 2 ports in such a scenario. What is stranger is that it is trying to do so with only two ports: 5060 and 6048. (Usually it should be some random number such as 13859.) So the first two devices register and the others fail immediately (it doesn't matter which two).
If and only if the LAN subnet mask is set to /24 (let's say: 192.168.1.1/24), all phones immediately register with no problems after reboot (and their remote ports are mapped correctly). Any /24 works: 10.1.0.1/24, 172.16.0.1/24.
We tried changing the subnet from /24 to /16 and /8 and it fails every time (please note: it is a factory reset device so nothing else is configured!).
Then we used 'Advanced Outbound NAT' and manually pointed a couple of /24 blocks from the /16 subnet to the WAN interface:
10.1.2.0/24 -> any [WAN interface]
10.1.3.0/24 -> any [WAN interface]
...
And the phones registered with no problems after that (let's say that the phones are allocated the range of 10.1.3.0/24 in the 10.1./16 subnet). Every device had a random port on the WAN side (say x.x.x.x:48934 -> 10.1.3.10:5060).
Is there any limitation in m0n0wall/FreeBSD when it comes to subnet size and automatic NAT port mapping (subnet size /24)?
Right now, the only solution with the /16 subnet is to use 'Advanced Outbound NAT' and to point each /24 subnet manually.
Other services (non-SIP ones) such as SSH, surfing, Jabber... work with no problems on any subnet size (and without the 'Advanced Outbound NAT' setting).