search

juanfranblanco / rt-n56u

Automatically exported from code.google.com/p/rt-n56u
0 stars 0 forks source link

Feature request - UDP Endpoint independant filter option #199

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
I would like to see a toggle on the firewall that allows us to set UDP Endpoint 
filtering to Endpoint Independent.

I utilize a software that uses SIP for a communication protocol and it has 
problems if more than one computer is using it at the same time.

Original issue reported on code.google.com by themadp...@gmail.com on 4 Apr 2012 at 7:04

GoogleCodeExporter commented 8 years ago 
Sorry if I've understood you incorrectly... Why don't you forward traffic for 
needed port to this machine?

Original comment by d...@soulblader.com on 5 Apr 2012 at 12:31

GoogleCodeExporter commented 8 years ago 
Because it's dynamic port assignment by the protocol to multiple internal 
machines - basically SIP initiates a connection from the outside on one machine 
- but then another machine picks up the communication on the same port - but 
because the source IP changes apparently that causes issues. 

The solution is UDP endpoint independent filtering - which is how the option is 
shown on other routers.  It's described like this:

      Endpoint-Independent Filtering:

         The NAT filters out only packets not destined to the internal
         address and port X:x, regardless of the external IP address and
         port source (Z:z).  The NAT forwards any packets destined to
         X:x.  In other words, sending packets from the internal side of
         the NAT to any external IP address is sufficient to allow any
         packets back to the internal endpoint.

I honestly don't know what the iptables command to accomplish this looks like - 
but I'm hopeful that this could be implemented.  I do appreciate your work on 
the firmware BTW :)

Original comment by themadp...@gmail.com on 5 Apr 2012 at 1:19

GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
I see now, thank you.

Have you tried to enable 'ALG: H.323' on 
http://my.router/Advanced_BasicFirewall_Content.asp ?..

Original comment by d...@soulblader.com on 5 Apr 2012 at 3:54

GoogleCodeExporter commented 8 years ago 
Yes I enabled both the H.323 and the SIP ALG's - (one - then the other - then 
both) and it didn't seem to help.  The first computer that connects has no 
issue - the second can't get a connection to work correctly.

Original comment by themadp...@gmail.com on 5 Apr 2012 at 12:21

GoogleCodeExporter commented 8 years ago 
I just wanted to mention - with your recent firmware and the ability to pick 
the type of NAT operating on the box - this issue is resolved.

Original comment by themadp...@gmail.com on 4 Jun 2012 at 7:13