24.10.4 What file to add 2 simple masks to dropbear

It looks like I can’t use IPset??

What do you mean by "simple masks"? What do you want to accomplish?

1 Like

I’m running VOIP. I want to add a range of server addresses

You can use nftset and load the content from a file. But what does dropbear have to do with it? It is an SSH server only, not router software with netmasks. Can you show us the guidance from your VoIP provider?

1 Like
  • 199.87.144.0/21 & 204.11.192.0/22 PASS. I read this can be easily set up in DHCP

That is not DHCP's or dropbear's work. You have to add port forwards via firewall as specified by your provider following example with ports X subnets like in

I think I pieced it together.

config nat
	option name 'Callcentric_1'
	list proto 'udp'
	option src 'lan'
	option src_ip '199.87.144.0/21'
	option src_port '5080'
	option dest_ip '172.16.20.27'
	option dest_port '5586'
	option target 'ACCEPT'

config nat
	option name 'Callcentric_2'
	list proto 'udp'
	option src 'lan'
	option src_ip '204.11.192.0/22'
	option src_port '5080'
	option dest_ip '172.16.20.27'
	option dest_port '5586'
	option target 'ACCEPT'

I want to use luci

Should be port range 1 per phone for SIP and 1 per call for RTP, i.e. something like 1000+ for each protocol.

Figured a simpler way.

config rule
        option src 'wan'
        option dest 'lan'
        list dest_ip 'nn.nn.nn.nn'
        option dest_port 'nnnn'
        option target 'ACCEPT'
        list proto 'udp'
        list src_ip '199.87.144.0/21'
        list src_ip '204.11.192.0/22'
        option src_port '5080'
        option family 'ipv4'
        option name 'Callcentric_SIP'

What? Can't help with your blogging as you are not able to point to documentation you are secretly reading.

1 Like

These rules won't actually do anything though, because a simple forward rule can't go backward through NAT.

In general it isn't necessary to change the default firewall to use a SIP phone. The periodic outgoing register packets from the phone keep a "hole" in NAT open. An incoming call arrives on the same address and port as was used for register.

2 Likes
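The NAT "hole" described in the post above, as an added example that is not part of any post in this thread: a small model of a port-preserving UDP NAT table showing that an incoming call is delivered only while a recent outgoing register keeps the mapping alive. The 120-second idle timeout, the server address inside 204.11.192.0/22, and the class and function names are assumptions made for illustration; the phone address and ports are taken from the configs posted above.

```python
# Constructed model of a UDP NAT mapping table (not OpenWrt code).
UDP_TIMEOUT = 120            # assumed idle timeout in seconds
PHONE_IP, PHONE_PORT = "172.16.20.27", 5586    # values from the thread
SERVER_IP, SERVER_PORT = "204.11.192.10", 5080  # constructed address in 204.11.192.0/22


class NatTable:
    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port, last_seen)
        self.entries = {}

    def outbound(self, now, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host sends a packet: create or refresh the mapping."""
        self.entries[(lan_port, remote_ip, remote_port)] = (lan_ip, lan_port, now)

    def inbound(self, now, remote_ip, remote_port, wan_port):
        """Return (lan_ip, lan_port) for a live mapping, else None (dropped)."""
        key = (wan_port, remote_ip, remote_port)
        entry = self.entries.get(key)
        if entry is None:
            return None          # unsolicited: no matching outgoing flow
        lan_ip, lan_port, last_seen = entry
        if now - last_seen > self.timeout:
            del self.entries[key]  # mapping expired, the hole is closed
            return None
        self.entries[key] = (lan_ip, lan_port, now)
        return (lan_ip, lan_port)


def incoming_call_delivered(register_interval, call_time, timeout=UDP_TIMEOUT):
    """Phone registers every register_interval seconds; server calls at call_time."""
    nat = NatTable(timeout)
    t = 0
    while t <= call_time:
        nat.outbound(t, PHONE_IP, PHONE_PORT, SERVER_IP, SERVER_PORT)
        t += register_interval
    return nat.inbound(call_time, SERVER_IP, SERVER_PORT, PHONE_PORT) is not None


if __name__ == "__main__":
    print("register every 60 s:  ", incoming_call_delivered(60, 1000))
    print("register every 3600 s:", incoming_call_delivered(3600, 1000))
```
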

Sometimes it comes to incoming calls....

already fixed :blush:

1 Like