Router firewall reporting blocked outgoing ICMP packets from Obi ip

Rick441:
Maybe I should have posted this in the "new to using Obi" section as I have had my Obi200 for less than a month.  I am connecting the Obi200 to my router with OBiWiFi5G Wireless USB instead of a direct ethernet connection.  The Obi200 is about 15 feet from the router, with no obstructions.  I am using the Obi with Google Voice.

I have been looking at my router firewall logs, and see entries that say "Blocked outgoing ICMP packet (ICMP type 3) from [the static ip I assigned to Obi] to [internet ip address]."  These occur throughout the day (including when I am not using the phone), and can vary in frequency from once every few hours to, say, ten times an hour.  While I have not looked up every one of the many destination addresses, one that seems to reappear pretty often is 195.154.161.182.

I also noticed tonight that I receive that same router firewall log message as soon as I end any call -- outgoing or incoming, but in this case the intended destination is always 74.125.39.50, which seems to relate to Google.  The message always repeats five times in succession.  At least that is what happened with each of six or seven experimental calls I made tonight (outbound to a landline, and inbound from my cellphone).

Any idea what this represents?  And in particular, could it relate to the occasional dropped calls I experience?  Or to the latency I've noticed when testing (seems to be at least half a second, though most conversation seems fine)?   I'm more concerned with the dropped calls; and since I usually end up with silence instead of a dial tone, maybe "dropped" isn't the correct term.

Thanks.

GPz1100:
Hard to say.  The 195.154.161.182 comes back to a French ip.

I have our obi's set up with just the outbound ports needed for gv and callcentric.  Everything else is blocked.

I set up a rule to allow the obi full outbound access to any port it wants.  Will let it run for a few hours then review the logs.  Other than initial GV configuration, everything else is done through the local obi webui.  Functions like firmware update, live update, obitalk, and something else I can't recall are all turned off.  It *should* only be contacting the above 2 services.

Edit: Nothing unusual in the firewall logs for the last 30 minutes.  Will check later tonight.

Rick441:
Thanks, GPz1100.  Will be interested in hearing how things look when you check tonight.

Fyi, in the last three hours the logs show ICMP packets blocked to the following ip's (listed in order of occurrence).  They seem to be overseas, especially Europe, except for a few in California.  Note that 163.172, 134.119 and 195.154 (mentioned in my original post) recur.

I have excluded 74.125.39.50 -- apparently Google-related -- which, as I explained, always produces six consecutive blocked ICMP-packets messages after I end any call.  There is only one message per occurrence for the others.

GPz1100:
Looking through the full log for today, of your IP's listed, I see the following:

11:57:53 Country blocked UDP 145.239.30.225:5060 →  {WAN IP:5060}
09:32:20 Country blocked UDP 195.154.62.94:8515 →  {WAN IP:5060}
05:20:11 Country blocked UDP 5.196.83.178:5080 →  {WAN IP:5060}
11:18:18 Country blocked UDP 5.196.83.178:5080 →  {WAN IP:5060}

Another one for 54.36.122.44, all using sip trying to access my sip server. In fact I see hundreds of inbound attempts from all over for ports 5060..5080.

Are you sure you're reading the log correctly as outbound attempts rather than inbound?  My firewall is set not to respond to any external ping (ICMP) requests.  Internal pings to the outside get through, as do pings on the local network.

Here's a screenshot of obi traffic.  The obi200 is at 10.10.3.102.  Rule 24 is my general outbound voip rule for gv and callcentric.  Rule #1 is a free for all.  I added that after the post earlier this morning.  All of these IP's come back to either callcentric or google.

Rick441:
Quote from: GPz1100 on November 15, 2017, 01:16:46 pm

Are you sure you're reading the log correctly as outbound attempts rather than inbound?


Yes, all outbound.  But after I made a router settings change all those firewall messages about blocked outgoing ICMP packets have stopped, with the exception of those citing that Google ip, and now a Callcentric ip (just added incoming & E911 service tonight), as well as one entry that seemed to have an Amazon ip.

The settings change corrected a dumb error I made, namely applying port *forwarding* to the ports Obihai says to allow *outgoing* (https://www.obitalk.com/info/faq/Troubleshooting-sec/ports-to-keep-open-on-my-router)... not that my basic router has a way to open a port, anyway. 

After I canceled those forwards the messages about blocked outgoing ICMP packets stopped, with the exception of those I was seeing for Google (still after a call ends) and now Callcentric (which I added tonight for inbound and E911), plus one that appears to be an Amazon ip.

Based on your response, I also checked and saw that, like you, I have several entries of Inbound UDP blocking for port 5060.  A few are from the same foreign ip's that were generating outbound ICMP attempts before I removed the port forwarding.

BTW, do you feel there is really any advantage (e.g., re dropped calls) to allowing incoming on UDP Port 10000 as Obihai suggests?  Things I've read seem to suggest that there really isn't any need to do this.
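
The overlap described in this thread, between destinations of blocked outgoing ICMP type 3 (Destination Unreachable) messages and sources of blocked inbound UDP on ports 5060..5080, can be checked mechanically across a log export. The following is an added example, not code from any poster or from Obihai; the two line formats are modelled on the log text quoted in the thread, and the device address and all sample lines are constructed using documentation address ranges.

```python
import re
from collections import defaultdict

# Router-style message, modelled on the wording quoted in the thread.
ICMP_RE = re.compile(
    r"Blocked outgoing ICMP packet \(ICMP type (\d+)\) from (\S+) to (\S+?)\.?$")
# Firewall-style line, modelled on the log excerpt quoted in the thread:
# captures the remote source IP and the destination port on the WAN side.
INBOUND_RE = re.compile(
    r"blocked UDP (\d+\.\d+\.\d+\.\d+):\s*\d+\s*(?:→|->)\s*\{?[^:]+:(\d+)\}?")

SIP_PORTS = range(5060, 5081)  # 5060..5080, the range mentioned in the thread

# Constructed sample lines (documentation addresses, hypothetical device IP).
SAMPLE = [
    "Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.50 to 203.0.113.7.",
    "Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.50 to 198.51.100.20.",
    "Blocked outgoing ICMP packet (ICMP type 3) from 192.168.1.50 to 203.0.113.7.",
    "09:32:20 Country blocked UDP 203.0.113.7:8515 → {WAN IP:5060}",
    "11:18:18 Country blocked UDP 192.0.2.99:5080 → {WAN IP:5060}",
    "11:20:02 Country blocked UDP 192.0.2.99:40000 → {WAN IP:10000}",
]


def correlate(lines, device_ip):
    """Match outbound ICMP type 3 destinations against inbound SIP-port sources."""
    probes = defaultdict(int)       # remote IP -> blocked inbound UDP hits on SIP ports
    unreachable = defaultdict(int)  # remote IP -> blocked ICMP type 3 from the device
    for line in lines:
        m = ICMP_RE.search(line)
        if m:
            if m.group(1) == "3" and m.group(2) == device_ip:
                unreachable[m.group(3)] += 1
            continue
        m = INBOUND_RE.search(line)
        if m and int(m.group(2)) in SIP_PORTS:
            probes[m.group(1)] += 1
    return {
        "both": sorted(set(probes) & set(unreachable)),        # probed us AND got a reply attempt
        "icmp_only": sorted(set(unreachable) - set(probes)),   # reply attempt with no logged probe
        "probes": dict(probes),
        "unreachable": dict(unreachable),
    }


if __name__ == "__main__":
    result = correlate(SAMPLE, "192.168.1.50")
    print("seen in both logs:", result["both"])
    print("ICMP destination only:", result["icmp_only"])
```

Addresses in `both` line up with unsolicited inbound SIP traffic; addresses in `icmp_only` (such as a provider address seen only after a call ends) need a separate explanation.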
