This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM9 NAT rule 60001 RTP problems

Hi,

in advance: absolute noob here, thanks for any help and your patience ^^.

I try to configure a server behind a sophos utm 9 that needs to be able to send and receive rtp on ports 30000 - 33000. The problem i have is that incoming traffic gets blocked by fwrule 60001. I understand that this is blocked traffic due to no request has been sent to the host from the server outbound.

What is your advice to configure this? I understand i could just DNAT the ports and done, but i dont know this would be right, and if there is a more restrictive way to make this work.

also, beside your recommendations, we have a signalling on a specific port, is it possible to make a rule a la "if i send a client on port x, then this client is allowed to send rtp and stun to port 30000-33000 of my server"?

the clients that connect do that via WebRTC in browser or WebRTC/IceLink from mobile phone, with custom signalling for browser and SIP via Icelink from mobile.

Thank you in advance,

Bim

This thread was automatically locked due to age.

BAlfson over 3 years ago

Hallo Bim and welcome to the UTM Community!

Is this a VoIP server? Are the inbound packets sent from a small range of IPs belonging to your VoIP provider?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
Bim Tertulies over 3 years ago in reply to BAlfson

Hey Bob,

thanks for your reply. It is a FreeSWITCH, and no, the clients can basically be any browser in the internet or via mobile app over mobile networks. Additionally, it is the Binding Requests (STUN) from TURN Servers that try to offer their services.
Cancel
Vote Up 0 Vote Down

Cancel
BAlfson over 3 years ago in reply to Bim Tertulies

I would look on the websites of those products for their suggestions about configuring firewalls to work with them.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
Bim Tertulies over 3 years ago in reply to BAlfson

OK thanks, thats also in the work ^^

Can you tell me if there is a possibility to configure the follwoing (from my initial question):

Bim Tertulies said:
also, beside your recommendations, we have a signalling on a specific port, is it possible to make a rule a la "if i send a client on port x, then this client is allowed to send rtp and stun to port 30000-33000 of my server"?
Cancel
Vote Up 0 Vote Down

Cancel
BAlfson over 3 years ago in reply to Bim Tertulies

I'm not sure I "see" what you're proposing, Bim. You can make a DNAT that send a range of ports to your sever. You could also limit that DNAT to traffic coming from specific IPs.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel