Training:Router
Router
The router is your gateway to the internet. It is responsible for routing packets from devices on your LAN to the internet, and ensuring that packets from the internet are routed to the correct devices on the LAN. This is accomplished through Network Address Translation (NAT) and port forwarding. The router is also typically responsible for assigning IP addresses to devices on the network via DHCP when not using a separate DHCP server.
- Network Address Translation – Since there are a limited number of IP addresses it is not feasible for every device that communicates to the internet to have its own public IP address. Because of this your network will have its own private subnet of IP addresses and a single public IP. When a device communicates out to the internet, the router will NAT a certain port for that device so that it knows where to send responding packets.
Inconsistent NAT is the number one reason we see remote phones failing. Symptoms would be showing as unreachable on the Monitoring page in the PBX, unable to receive calls, but able to make calls.
- Eg: You have a remote phone with a local IP address of 192.168.1.112 at your house. The public IP at your house is 78.16.54.98. If you look at the monitoring page in the PBX, it shows the remote phone registered with the 78.16.54.98 IP address. When the PBX sends packets to your phone, it sends them to <78.16.54.98:Port#>. When your home router receives the packets, it knows that the Port# was reserved for the local IP 192.168.1.112 and therefore routes the packets to your phone, allowing you to communicate.
- Dynamic Host Configuration Protocol (DHCP) – In most installs the router will serve the function of DHCP, meaning the router is responsible for handing out IP addresses to devices on the network. In a few instances the user will have a server onsite that handles DHCP instead of the router. During your site survey it is important to find out how DHCP will be handled, what the DHCP range is, and a list of unused static IP addresses so you can set the PBX (and possibly other devices) to a static IP and not have to worry about an IP conflict. Unless the network has advanced configuration (vLAN) there should only be one device handing out DHCP.
- Port Forwarding – This is how the router ensures that inbound packets to particular ports are routed to the right device on the LAN. For example, remote phones always initiate their communication by sending packets to port 5060. Because of this, you must forward port 5060 in the router to the internal static IP address of the PBX. If this port forwarding is not configured, the router will not know what to do with a packet received on 5060 and a remote phone will not register.
- Single Port Forwarding: This instructs the router to take all WAN traffic to a certain port and route those packets to a LAN IP via that single port. Eg: forward port 5060 externally to the PBX IP on port 5060.
- Port Range Forwarding: This instructs the router to take all WAN traffic to a range of ports and route those packets to a LAN IP via that range of ports. Eg: forward ports 10000 thru 20000 externally to the PBX IP on ports 10000 thru 20000.
- 1 to 1 NAT: This instructs the router to take all WAN traffic to a certain port and route those packets to a LAN IP via a different port. This would typically be used when the port needed is already being used. Eg: The end user hosts their own webpage and 80 is used, so instead you can forward port 8080 externally to the PBX IP on port 80.
Table 1: Single Port Forwarding
Application Name |
Port |
Protocol |
To IP Address |
Remote Administration |
80 |
TCP |
PBX Internal IP |
SSH Support |
22 |
TCP |
PBX Internal IP |
SIP |
5060 |
UDP |
PBX Internal IP |
Branch Office |
4569 |
UDP |
PBX Internal IP |
Table 2: Port Range Forwarding
Application Name |
Port |
Protocol |
To IP Address |
RTP |
10000-20000 |
TCP & UDP |
PBX Internal IP |
Table 3: 1 to 1 NAT
Application Name |
External Port |
Internal Port |
Protocol |
To IP Address |
Alternate Remote Administration |
8080 |
80 |
TCP |
PBX Internal IP |
- Remote Access – With remote access to the PBX you can make configuration changes from your office. IPitomy Tech Support will also be able to troubleshoot with you more efficiently. In order to have the most visibility to the PBX, we recommend you forward port 80 (remote admin) and port 22 (SSH) to the PBX Internal IP address. Once this has been configured in the router you can enter <publicIPaddress>/ippbx from any PC that is connected to the internet and access the admin login for the PBX. If the end user is already using port 80 you will have to configure a 1 to 1 NAT of a different port (8080) to port 80 as the web access port on the PBX cannot be changed.
- Example Router Forwarding Interface: DDWRT – Below is a screenshot from a router loaded with DDWRT Open Source firmware. The configuration screen for Port Forwarding is pretty standard.