dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4563
share rss forum feed


Bluefish
Premium
join:2010-02-23

Obi100 VOIP Requires opening ports on router, insecure?

I just purchased an Obi100 VOIP adapter to use with Google Voice and while setting it up I noticed that it requires the following ports to be open:

Allow Outgoing:

TCP Ports: 6800, 5222, 5223
UDP Ports: 5060, 5061, 10000 to 11000, 16600 to 16998, 19305

Allow Incoming on UDP Port: 10000

My questions are, does opening these ports make my network less secure and if so, how? Should I look for a different voip option that doesn't require opening ports on my router ... would you?

I'm not quite sure how to open ports on my router either, is opening ports the same thing as port forwarding? I have an ASUS RT-N66U router.

TIA, Veronica



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit

said by Bluefish:

I just purchased an Obi100 VOIP adapter to use with Google Voice and while setting it up I noticed that it requires the following ports to be open:

Allow Outgoing:

TCP Ports: 6800, 5222, 5223
UDP Ports: 5060, 5061, 10000 to 11000, 16600 to 16998, 19305

Allow Incoming on UDP Port: 10000

My questions are, does opening these ports make my network less secure and if so, how? Should I look for a different voip option that doesn't require opening ports on my router ... would you?

I'm not quite sure how to open ports on my router either, is opening ports the same thing as port forwarding? I have an ASUS RT-N66U router.

TIA, Veronica

Are you sure that you will need to open the outbound ports? Not many residential/soho grade routers will block outgoing packets by default.

If you only open/forward UDP port 10000 inbound to your Obi100 box, that is where the inbound traffic will go. Nothing else on your network will be effected by that traffic (except for whatever bandwidth it uses). Also, I would try using the Obi100 box without even opening/forwarding the inbound port. Most SIP/RTP VoIP adapters will open a session with their call controller, and when that is done, there is no need to have an inbound port explicitly opened/forwarded. I have used a variety of VoIP ATAs with AT&T CallVantage, and Vonage, and I have used soft phones with other providers, and I have never found it necessary to open/forward any ports in either direction; but of course, YMMV.

And to answer your last question, yes some vendors refer to "opening" ports and "forwarding" ports as being the same thing. The primary difference is that you "open" ports in an SPI firewall that is not doing NAT, and you "forward" ports in a NAT router. However, I suspect that the documentation you are reading is more oriented to a more restrictive firewall appliance where everything is blocked in both directions by default, and a network admin must "open" the required ports for any new device. As I said before, not many residential/soho grade routers are that restrictive out of the box.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

Dee Bee
Premium
join:2005-05-08
North York, ON

2 edits
reply to Bluefish

Hi Veronica:

Here is a simplified Wikipedia article about open ports:
»en.wikipedia.org/wiki/Open_port

and here is one that touches on nat and port forwarding:
»superuser.com/questions/284051/w···used-for

In my opinion open ports (on equipment behind your router) don't really cause a security problem in cases like yours because your router still has a feature called NAT.
In a simplified explanation, NAT stops any computers from the internet from connecting to anything behind your router unless a device behind your router on the LAN (local area network) specifically asks to be sent information from that computer on the internet.

You definately don't want to port forward (through your routers) and I don't think that Google Voice would require that option to be enabled.

Please note that there is also a VOIP forum on DSLR (VOIP Tech Chat):

»VOIP Tech Chat

If you ask VOIP related questions there you are bound to run into someone who has the same equipment and provider that you are interested in and can help out.

I hope this was of some help to you.


OZO
Premium
join:2003-01-17
kudos:2
reply to Bluefish

No, you should't.

Obi100 is SIP client, not a server. It will make connection through your router to a SIP server without any special actions from you. I use similar device and it doesn't need any configuration changes in my router. Depending on your particular configuration OBi100 may or may not require to use STUN server. I personally use one.

"Open port" term is usually used in firewall configuration (that may or may not reside on your router). "Forwarding port" is used in NAT routers to tell the router where to send packets, that arrive on WAN interface of the NAT router. So, those are different terms.
--
Keep it simple, it'll become complex by itself...



Bluefish
Premium
join:2010-02-23
reply to Bluefish

Thanks for the quick responses. I will read the links provided. I have read some documentation on opening ports but am still fuzzy on this port stuff and am really concerned about the security of doing so.

I was reading the faq on the obihai site as I am getting an error when I try to register the Obi100 product on the Obitalk site and call the numbers they provide, "There is no service available" and that's where I got the info on opening ports for the Obi100 in my original post.

I will post on the forum for voip to see if anyone else has had this problem and whether or not they had to open ports on a soho router. Again, thanks, have learned so much from this forum, really appreciate everyone's help over the years! Veronica


garys_2k
Premium
join:2004-05-07
Farmington, MI
Reviews:
·Callcentric
·callwithus

You might want to re-post this over in »VOIP Tech Chat but it is rare to have to forward ports for ATAs. What router do you use? I use Smoothwall Express and I have both an Obi100 and a PAP2T behind it with NO ports forwarded to either one. I'm registered to three VoSPs (including Google Voice) with no issues.

As for security issues, the fewer ports forwarded, the better, but sending incoming port 10000 itself shouldn't be a huge issue, but I doubt it will help.



Bluefish
Premium
join:2010-02-23
reply to Bluefish

I finally got everything working (started from step 1 all over again, not sure what I did wrong the first time) and just finished my first call successfully with the OBi100 using Google Voice, pretty good call quality, no echo like I get with my Vonage V-Portal when it's placed behind my router as opposed to in front of the router, where Vonage wants it placed. I didn't have to open any ports on the router! So I am happy.

Thanks again everyone!! Veronica


OZO
Premium
join:2003-01-17
kudos:2

Glad to hear that.
Thanks for update.