Astaro User Bulletin Board
Go Back   Astaro User Bulletin Board > Astaro Gateway Products > Network Security: Firewall, NAT, QoS, IPS and more
Reload this Page Packet Filter and allowing Spoofing
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Welcome to the Astaro User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 07-04-2006, 03:49 PM
Junior Member
  
Join Date: Jun 2006
Posts: 9
Question Packet Filter and allowing Spoofing
I'm trying to get my Cisco 7960 to work through broadvoice. I'm watching the packet filter log and everything looks fine except for the following:


I have SIP Proxy on. Would it make sense that the Internal Address is trying to perform spoofing? I'm assuming it's trying to spoof the mac address on the VOIP phone? I'm getting fustrated trying to get this to work.
Thanks in advanced for the help.
-Paul
Reply With Quote
  #2 (permalink)  
Old 07-04-2006, 05:09 PM
Junior Member
  
Join Date: Jun 2005
Posts: 5
Default
What you're seeing there is bootp and DHCP requests being broadcast to the network. What is your Cisco 7960 phone doing? Does it even come up right? My Cisco phones here like to DHCP from the network then TFTP in their config and firmware.

At this point, I don't even see any SIP traffic, so you're going to have to dig a little deeper to figure out what is stopping your phone from working.
Reply With Quote
  #3 (permalink)  
Old 07-04-2006, 06:39 PM
Junior Member
  
Join Date: Jun 2006
Posts: 9
Question SIP and Packet filter
The Cisco 7960 running SIPs IP is 172.17.1.99 and the astaro GW is 172.17.1.99 If I plug the Cisco 7960 into the cable modem directly it works. If I plug it into the switch behind the astaro I get INV and Reorder accross the display of the phone.
I setup a packet filter rule to allow 172.17.1.99 ANY ANY and it still gives me that message.
I tried using the SIP proxy running transparent but with that on it doesn't seem to work either. I sent the DNS to the Proxy the phone connects to SIP.Broadvoice.com with still no luck.
What I don't understand is when the SIP Proxy is off, and I'm trying to just use packet filter rules posted above the packet filter log shows the phone trying to connect driectly to the gateway on port 5060(SIP):

Any ideas? Thanks again in advanced.
-Paul
Reply With Quote
  #4 (permalink)  
Old 07-04-2006, 11:09 PM
RFCat_vk's Avatar
Wizard
  
Join Date: Aug 2005
Location: Victoria, Australia
Posts: 2,945
Smile
First thing is your Cisco and GW are using the same address or is that a typing error.
Secondly, do you have NAT enabled when you disable the SIP proxy?

Ian M
__________________
Home User licence - v8.0xx - AMD X2 5050e (45w CPU) with 4gb (idles at 37w),1 intel NIC, the onboard NIC and netgear gs108t with vlans and Astaro AP 30.
essentials licence - v8.0xx - intel D with 1.5gb.
Reply With Quote
  #5 (permalink)  
Old 07-05-2006, 01:07 AM
Junior Member
  
Join Date: Jun 2006
Posts: 9
Default Oops
Correction
The Cisco is 172.17.1.99 and the GW is 172.17.1.1
Nat is enabled through MASQ if i'm not mistaken.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 03:17 AM.

 
Contact Us - Astaro User Bulletin Board - Archive - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.


These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases. issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.