Cant Open Ports

I am trying to open ports for my digital phone but am not having any luck. I have read and tried all the suggestions I could find on this forum without results.

Here is a portion of my firewall config:

config redirect
option target ‘DNAT’
option src ‘wan’
option dest ‘lan’
option proto ‘tcp udp’
option src_dport ‘5004’
option dest_ip ‘192.168.10.235’
option dest_port ‘5004’
option name ‘grandstream’

config redirect
option target ‘DNAT’
option src ‘wan’
option dest ‘lan’
option proto ‘tcp udp’
option src_dport ‘5060-5080’
option dest_ip ‘192.168.10.235’
option dest_port ‘5060-5080’
option name ‘grandstream’

I have used the Luci Gui to open the ports, I have changed the order of the open ports. I tried an updated /etc/config/firewall file without any luck.

Any help would be much appreciated. I am without a phone (except for my cell phone).

Thanks.

Bill Dika

The firewall rules look correct. If you are also using IPv6 you have to add additional rules for that eg:

config rule
  option target 'ACCEPT'
  option src ‘wan’
  option dest ‘lan’
  option proto ‘tcp udp
  option src_dport ‘5004’
  option dest_port '5004'
  option family 'ipv6'
  option dest_ip '<ipv6 address of your device here>'

You can check if the ports are realy open eg. here https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap

Hi Skywalker-11

Thanks for the response.

The ipv4 address of my device is a static ip. I don’t see anywhere in the Luci interface where I can find the ipv6 address of my device. The only ipv6 addresses I see are for DHCP addresses.

Any further help would be much appreciated.

Bill Dika

If you have IPv6 configured you can see the addresses at http://<your_router_address>/cgi-bin/luci/admin/network/network
If no IPv6 address shows up that’s also fine. You only need it if you want to access the phone via IPv6 and if you only use IPv4 that should work too.

Have you tried to use the tool I linked above to see if the port is “open”? Also is the omnia directly attached to your buildings/apartments internet port or do you have a second router in between?

Hi Skywalker-11:

I have a Wan6 interface at

but don’t see any IPv6 address for my phone adapter (when it’s connected) which has a static IPv4 address.

Yes. It says that only ports 80 and 443 are open. Which I have also opened on my omnia.

My omnia is attached to my DSL modem (which is in bridged mode) in my home which is its own building. I don’t live in an apartment. Also I connected my phone adaptor to the lan port on my omnia.

But currently I don’t have the telephone adaptor connected to my omnia while I am trying to open the ports.

Thanks for your help.

Should I try something else?

Bill Dika

For the test to work the device has to be connected. And the device itself has to accept incoming connections on the tcp port.

You could also try to use tcpdump -i eth1 port 5060 on the omnia while executing the scan to see if the traffic is even reaching your router as some ISP may block it. The result should be something similar to this:

00:54:38.113563 IP scanx4.pentest-tools.com.51232 > xxx.xxx.xxx.xxx.5060: Flags [S], seq 1534505322, win 1024, options [mss 1460], length 0
00:54:38.215544 IP scanx4.pentest-tools.com.51233 > xxx.xxx.xxx.xxx.5060: Flags [S], seq 1534570859, win 1024, options [mss 1460], length 0

If your device is reachable you should also see traffic in the other direction xxx.xxx.xxx.xxx.5060 > scanx4.pentest-tools.com.51232

Hi Skywalker-11:

Thanks for the help.

I changes digital phone providers. My new provider sent me a different ATA which I attached to my router and it just works.

I got tired of being without a phone and thought it shouldn’t be that hard to get it working.

I think you were onto something here, as I don’t think it was accepting any connections.

Thank you.

Bill Dika