Hello all,

I use a Fritzbox behind the XG with PhonerLite or LinPhone as SIP client. My provider is 1&1.

Unfortunately, I have noticed that the SIP module crashes after a short time and that I only hear the ringing on new calls, but not the person I am talking to.

I have now searched through the logs and found that the telephony works until I find the following in the log:

localhost kernel: [266259.312048] ip_nat_sip_expected: doing self nating: <18.104.22.168>
localhost kernel: [266261.783797] ip_nat_sip_expected: doing self nating: <22.214.171.124>

Does anyone have any idea what the problem is here?
Kindly disable the UDP Flood from the DoS & spoof protection or bypass SIP Communication ports (TCP or UDP) from DoS bypass rules. Navigate to Administrator >> Intrusion prevention >> DoS & spoof protection.
https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/IPSDoSAndSpoofProtection.html

For more information about "Sophos Firewall: Turn on or off the Session Initiation Protocol (SIP) module", please also check this link: https://support.sophos.com/support/s/article/KB-000035917
Hope this helps!
Thanks & Regards,
If a post solves your question, use the 'Verify Answer' link.
Hello NM_1987,

Here is a screenshot of the overview page:

It doesn't look like something is being blocked. This is the current configuration:

If I understand correctly, spoof protection is disabled and nothing has been blocked in DoS. Or am I misunderstanding this?
Looks good, now please provide an expanded screenshot of your voip firewall rule.
XG115W - v19.5 GA - Home
Test machine - Asus P10S-i E3-1225v5, 6gb, 4 intel NICs, v19.5 GA
If a post solves your question please use the 'Verify Answer' button.
I don't have such a rule yet, because telephony always works after reloading the sip module.
rfcat_vk, how should this rule look?

No idea? What about the VoIP firewall rule, how should this rule look?
My version is something like this:

LAN, VoIP network, WAN, VoIP provider servers network address, any service. Application VoIP, IPS LAN to WAN or configure your own.

You can refine the "any service" to your TCP/UDP ports after a day or so of data to improve security.
Currently I have everything very open for the LAN and there is only one outgoing rule. Therefore, the proposed rule should be covered by the default. Here is this rule:
Or is there something I am missing here?
I would make a voip policy that does not use the dpi function.
I have now deactivated everything as a test. Nevertheless, it does not work.
Thank you for trying. What does logviewer show for the attempts?

ian

I got this error at 13:52:06 and 13:52:08 in /var/tslog/syslog.log:

Sep 17 13:52:06 localhost kernel: [629954.088001] ip_nat_sip_expected: doing self nating: <126.96.36.199>
Sep 17 13:52:08 localhost kernel: [629956.539844] ip_nat_sip_expected: doing self nating: <188.8.131.52>

But I can't find anything in the log viewer at this time:

How many NAT rules do you have in place and are any of them linked?

ian

Here are all my NAT rules:
The 4th is connected to the Default Firewall Rule from above
This might not be the answer, but linked NAT rules take precedence regardless of where they sit in the NAT order. Also, why do you have linked rules? They are really only needed if you have multiple WAN links.

There is no specific reason for this. It came with the basic installation of XG. I have unlinked everything, but unfortunately the problem persists. :-(
Maybe I am missing something, but your error message is from your voip device not the XG, correct? So maybe you need to disable Nat on your voip device?
The error message would imply that you have the VoIP device WAN interface connected to the XG, not the LAN interface.

ian
No, the log is from the XG itself:
SFVH_SO01_SFOS 18.5.1 MR-1-Build326# tail -f /var/tslog/syslog.log
Sep 19 10:00:01 localhost kernel: [788829.597191] 750:appdev_open:dev open 3
Sep 19 10:00:01 localhost kernel: [788829.597214] 703:appdev_write:ptr U 8,ACCEPT
Sep 19 10:00:01 localhost kernel: [788829.597215] 75:appfiltermap_adt_parser: buff U 8,ACCEPT
Sep 19 10:00:01 localhost kernel: [788829.597219] 711:appdev_write:count 10
Sep 19 10:00:01 localhost kernel: [788829.597222] 758:appdev_release:dev open 3
Sep 19 10:00:01 localhost kernel: [788829.597223] 771:appdev_release:counter 8 size 128
Sep 19 10:00:01 localhost kernel: [788829.597224] 774:appdev_release:dev open 0
Sep 19 10:58:27 localhost nsgsig-verify: /sdisk/u2d/downloads/avira_4.00_1.0.417524_immdiff.tar.gz.gpg: not an NSGSIG file
Sep 19 11:16:23 localhost kernel: [793411.148074] ip_nat_sip_expected: doing self nating: <184.108.40.206>
Sep 19 11:16:25 localhost kernel: [793413.607723] ip_nat_sip_expected: doing self nating: <220.127.116.11>
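The thread shows the `ip_nat_sip_expected: doing self nating` kernel messages appearing in pairs about two seconds apart right when calls lose audio, while the log viewer shows nothing. As an added example (not code from the thread or from Sophos), here is a small parser that pulls those messages out of `/var/tslog/syslog.log` text and groups them into bursts, so each burst can be matched against a failed call; the sample log lines, the RFC 5737 test addresses and the year (syslog lines carry none) are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample modelled on the lines posted in the thread (not real traffic).
SAMPLE_LOG = """\
Sep 19 10:00:01 localhost kernel: [788829.597191] 750:appdev_open:dev open 3
Sep 19 10:58:27 localhost nsgsig-verify: /sdisk/u2d/downloads/example.tar.gz.gpg: not an NSGSIG file
Sep 19 11:16:23 localhost kernel: [793411.148074] ip_nat_sip_expected: doing self nating: <192.0.2.10>
Sep 19 11:16:25 localhost kernel: [793413.607723] ip_nat_sip_expected: doing self nating: <198.51.100.7>
Sep 19 11:47:02 localhost kernel: [795248.001122] ip_nat_sip_expected: doing self nating: <192.0.2.10>
"""

# Matches only the self-NAT message; other kernel chatter is ignored.
SELF_NAT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"\[(?P<uptime>\d+\.\d+)\] ip_nat_sip_expected: doing self nating: <(?P<ip>[\d.]+)>"
)


def parse_self_nat_events(text, year=2023):
    """Return (wall-clock datetime, kernel uptime seconds, ip) per self-NAT line.

    The year is an assumption: syslog timestamps in the thread carry none."""
    events = []
    for line in text.splitlines():
        m = SELF_NAT_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, float(m["uptime"]), m["ip"]))
    return events


def group_bursts(events, window_s=5.0):
    """Group events whose kernel uptime lies within window_s of the burst start.

    The kernel uptime stamp is used instead of the wall clock because it has
    sub-second resolution. In the thread each burst is a pair of messages
    about two seconds apart, so one burst lines up with one affected call."""
    bursts = []
    for ts, uptime, ip in events:
        if bursts and uptime - bursts[-1]["start_uptime"] <= window_s:
            bursts[-1]["ips"].append(ip)
        else:
            bursts.append({"first_seen": ts, "start_uptime": uptime, "ips": [ip]})
    return bursts


if __name__ == "__main__":
    for b in group_bursts(parse_self_nat_events(SAMPLE_LOG)):
        print(b["first_seen"].strftime("%b %d %H:%M:%S"), len(b["ips"]), "message(s)", b["ips"])
```

Feeding it `tail -n 5000 /var/tslog/syslog.log` output gives a timeline of bursts to compare with the call times the user noted (13:52:06 and 13:52:08 in the thread).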
It seems that I found a solution now.
I have set in the Fritzbox "Keep port forwarding of the Internet router active for telephony" from 5 minutes to 30 seconds.
Many thanks to all for the support.