Relevant

A New Template for Joomla!

 

NodePhone and the Billion 7404 Firewall

Configuring NodePhone is fairly easy. The first place to look is Internode's web site: NodePhone Configuration Guides

Even if you have the packet filter turned on, and set to use the "All blocked/User-defined" profile, you will not have to forward any ports, or add any packet filter rules... but...

There is one trap you may fall into: The Billion is configured to use "sip.internode.on.net" so it naturally requires a DNS lookup to find the IP address. If your packet filter rule only allows UDP port 53 lookups from your internal IP range, eg. "192.168.0.0 / 255.255.255.0", then SIP will fail (the phone will show as "unregistered") because it can't find the SIP gateway. If you look inside your firewall logs it will show port 53 being blocked with your public IP address listed as the source IP (not the router's local IP address as you may have expected).

To fix this I changed my DNS rule to allow UDP port 53 from 0.0.0.0 / 0.0.0.0 instead of 192.168.0.0

I tested this with the "SIP ALG" setting turned off (under Advanced Configuration, Firewall, General Settings), Internode suggest turning it off in their troubleshooting guide.

Although SIP uses port 5060, it seems that if the Billion itself is doing the VoIP, then you don't need to touch the firewall or anything else. It should "just work". If you had another device doing VoIP then you would have to forward UDP port 5060 to that device. There is also reference to the RTP port 5100, but one of Internode's engineers told me I didn't need to open this up.