News:

On Tuesday September 6th the forum will be down for maintenance from 9:30 PM to 11:59 PM PDT

Main Menu

Not working behind two firewalls (service provider and mine)

Started by nycynik, January 19, 2021, 11:20:37 AM

Previous topic - Next topic

nycynik

Hi, I had everything working fine, and then I switched internet providers, and now the OBi can no longer find it's external IP.  The IP it shows is the internal IP, and in status I see:

SP1 Service Status
Status   Connecting to 0.0.0.0;Token Error

OBiTALK Service Status
Status   Acquiring Service (0);ex-addr=192.168.0.111:10089(10089)

Setup A - Inside second firewall (not working)
(Internet) --external IP 99.x.x.x-- (Internet Modem/Router Combo) --internal IP, 10.x.x.x-- (My firewall) --Internal network 192.168.0.x-- (OBi200, with IP 192.168.0.111)

When I move it outside of my firewall, it works fine.

Setup B:

Setup B - Outside firewall (working)
(Internet) --external IP 99.x.x.x-- (Internet Modem/Router Combo) --internal IP, 10.x.x.x-- (OBi200, with IP 10.0.0.35)(My firewall)

At this point, I know it's my firewall's problem, not the OBi. But it's logistically hard - the router is in the basement, too far from the phone, not that excited about running a phone wire around my house if it can be avoided.

It feels like maybe the issue is that it can't get an external IP, but I'm really guessing here. Seems like it should "just work". I'm forwarding port 10000 to the OBi, but I know that is not required since it works w/o that in setup B.

What do I need to do on the second firewall to make this work?
Thanks for any help


drgeoff

Sorry, but this post is one of those "it works for me".

I have an OBi100 5000 miles away on a cable TV ISP that uses Carrier Grade NAT which gives the in-home router a 10.x.x.x address on its WAN side. The OBi on the LAN side has a 192.168.1.x address. The router (a D-Link DIR-300) is running an ancient build of DD-WRT but I didn't do anything about port forwarding or firewall. I don't even remember if UPnP is implemented.  Works fine for calls in and out over Obitalk network and SIP ITSPs.

SteveInWA

The issue is the double NAT via the two chained routers.  Some ITSPs may be able to cope with it, whereas others can't, without some special settings.  Why are you doing that?  If you are using a ITSP-provided modem/router (also known as a MTU or gateway), but you prefer to use a "better" router for your home network, and thus have them chained, then set the ITSP gateway to bridge mode, thus eliminating its NAT.  The ITSP gateway then acts solely as a modem.