camattin
join:1999-08-15
Kernersville, NC
2 edits | Pre-N and VOIP woes
Well, I bit the bullet and finally bought one.
As of right now, my only issue with it is that the firewall breaks my VOIP service (Vonage). Here's a snippet from the firewall logs:
2005-09-16 11:26:43 [HOST Attack: UDP Flood] (UDP) WAN to LAN 69.59.248.155:12960->a.b.c.d :10050 [Drop]
2005-09-16 11:26:43 [HOST Attack: UDP Flood] (UDP) LAN to WAN 192.168.2.3:10050->69.59.248 .155:12960 [Drop]
2005-09-16 11:26:44 [UDP Flood] (UDP) WAN to LAN 69.59.248.155:12960->a.b.c.d:10050 [Drop]
2005-09-16 11:26:44 [HOST Attack: UDP Flood] (UDP) WAN to LAN 69.59.248.155:12960->a.b.c.d :10050 [Drop]
2005-09-16 11:26:44 [HOST Attack: UDP Flood] (UDP) LAN to WAN 192.168.2.3:10050->69.59.248 .155:12960 [Drop]
I've sent an email to Belkin tech support... we'll see if they respond (after the h*** I just went through with buy.com's customer support, my expectations are low!!!).
Anyone here have any thoughts?
The really annoying thing is that turning off the firewall doesn't turn off the "DoS" .. umm .. 'features'. :(
UPDATE: Turning off the firewall AND REBOOTING allows VOIP to work. When you turn off the firewall, it doesn't say you have to reboot and it doesn't reboot for you. But I rebooted the router manually through the web interface, and Vonage started working. The worse part of having the firewall off is having to put my work laptop in the DMZ to get the VPN working, since Belkin won't allow you to forward anything but TCP or UDP... I need to forward IP 50 for the VPN client.
-mod note, replaced pre tags with code tags to stop the margin blowout. |
|
texxsharkk
join:2005-08-24
Lake Stevens, WA | did you turn "ON" QoS? |
|
camattin
join:1999-08-15
Kernersville, NC | Yup... QoS on and off didn't make a difference. |
|
texxsharkk
join:2005-08-24
Lake Stevens, WA
 ·Comcast
 ·Teleblend
| reply to camattin
Honestly, I can't really explain it, but I was having problems similar to you for a while and I really thought it was the router. I really never did much other than a series of reloading firmware, rebooting quite a few times, running some tweak tests (you can find them here in the test section of this site)...and it seemed to 'magically' repair itself! Still not sure what the problem really was. My VoIP provider was having issues around the same time, so it could have been that.
I notice now that my upload speeds are pretty consistently running around 100kbs less when I'm using the VoIP, so that tells me the router QoS function is working.
When all else fails, disconnect everything, plug back in this order: modem (let boot up), router (let boot up), VoIP box (let boot up), then plug in your ethernet connections and boot up your computers...its worth a try...
Have you tried running any QoS tests? Try »myspeed.visualware.com
...it will give you speeds and QoS percentage. |
|
camattin
join:1999-08-15
Kernersville, NC
| No QoS issues here... it is simply the firewall blocking the UDP packets.
For the record, my QoS as reported by that website is 98%, rtt of only 2ms and max latency of 15ms... my connection rocks  .
On a side note...I did some speed tests through speakeasy's site before and after I switched out the routers (this belkin replaced a dlink) and saw marginally higher throughput... by about 10kbytes/s on download). |
|
texxsharkk
join:2005-08-24
Lake Stevens, WA | reply to camattin
I don't know...I have my firewall turned on and don't seem to have the same problems... |
|
camattin
join:1999-08-15
Kernersville, NC | Do you have version 1 or 2? Wonder if they made some default changes between the two revs? |
|
texxsharkk
join:2005-08-24
Lake Stevens, WA | I have version 1 (1002)...bought it the first week of August at Costco... |
|
camattin
join:1999-08-15
Kernersville, NC | Hmm... can anyone with a V2000 router chime in? I bet they changed quite a few things, and the UDP flood detection might very well have been one of them. |
|
aktur
join:2004-12-08
Netherlands | reply to camattin
All I know that I'm using skype with Pre-N without any problem. Wired and wireless. |
|
stevedaulton
join:2004-05-12
Ruston, LA
| reply to camattin
I can verify that v2 of the pre-n router does indeed break VOIP. The SPI firewall is dropping out UDP packets as a DOS flood. You can look in the log file and see it. It is highly annoying as v1 of the pre-n router did not do this, at least not for me. I can also confirm that you must reboot the router after disabling the firewall or it won't work. Additionally, putting the voip adapter in the DMZ doesn't make a difference, reboot or not. I also updated to the 2.01.02 US version and it makes no difference either. Here is the log for any one interested:
DoS log:
2005-09-20 22:40:30 [UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:30 [HOST Attack: UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:30 [HOST Attack: UDP Flood] (UDP) WAN to LAN 64.61.93.51:11898->65.13.190.234:16440 [Drop]
2005-09-20 22:40:31 [UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:31 [HOST Attack: UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:31 [HOST Attack: UDP Flood] (UDP) WAN to LAN 64.61.93.51:11898->65.13.190.234:16440 [Drop]
2005-09-20 22:40:32 [UDP Flood] (UDP) WAN to LAN 64.61.93.51:11898->65.13.190.234:16440 [Drop]
2005-09-20 22:40:32 [HOST Attack: UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:32 [HOST Attack: UDP Flood] (UDP) WAN to LAN 64.61.93.51:11898->65.13.190.234:16440 [Drop]
2005-09-20 22:40:33 [UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:33 [HOST Attack: UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:33 [HOST Attack: UDP Flood] (UDP) WAN to LAN 64.61.93.51:11898->65.13.190.234:16440 [Drop]
2005-09-20 22:40:34 [UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:34 [HOST Attack: UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:34 [HOST Attack: UDP Flood] (UDP) WAN to LAN 64.61.93.51:11898->65.13.190.234:16440 [Drop]
2005-09-20 22:40:35 [UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:35 [HOST Attack: UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:35 [HOST Attack: UDP Flood] (UDP) WAN to LAN 64.61.93.51:11898->65.13.190.234:16440 [Drop]
2005-09-20 22:40:36 [UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:36 [HOST Attack: UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:36 [HOST Attack: UDP Flood] (UDP) WAN to LAN 64.61.93.51:11898->65.13.190.234:16440 [Drop]
2005-09-20 22:40:37 [UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:37 [HOST Attack: UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:37 [HOST Attack: UDP Flood] (UDP) WAN to LAN 64.61.93.51:11898->65.13.190.234:16440 [Drop]
2005-09-20 22:40:38 [UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:38 [HOST Attack: UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:38 [HOST2005-09-20 22:40:39 [UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:39 [HOST Attack: UDP Flood] (UDP) LAN to WAN 192.168.2.2:16440->64.61.93.51:11898 [Drop]
2005-09-20 22:40:39 [HOST Attack: UDP Flood] (UDP) WAN to LAN 64.61.93.51:11898->65.13.190.234:16440 [Drop] |
|
camattin
join:1999-08-15
Kernersville, NC
1 edit | I sent, and got a reply, from tech support on this issue. No resolution yet, though. I haven't called them yet... since having the firewall off hasn't caused an increase in problems [i wound up not having to put my laptop that needs VPN access into the DMZ -- turning off the firewall /and/ rebooting solved that issue].
Thank you for contacting Belkin Technical Support:
We will check if we can replicate the problem and we will get back to you as soon as we can. I apologize for the inconvenience.
If you still have problems, please contact us at 800-2235546 ext. 1093 to better assist you. Our Networking Support hours are 24/7. Anybody from our team should be more than happy to assist you with your technical issues.
Thank you,
Sam Villa
Technical Support
Belkin Corporation
Corporate Office
I figure give them a week or so to chew on it, then I'll pester them for updates. |
|
stevedaulton
join:2004-05-12
Ruston, LA
| reply to camattin
Here is what I can tell about the firewall part of the router:
1) It prevents DOS, SYN, UDP, etc.. floods and attacks. That is pretty cool, except it is screwing up VOIP. Ironic that this router has a QOS setting that smooths out VOIP yet the SPI firewall kills it almost completely.
2) The NAT functions on the router are protecting it as well as just about any other run of the mill router out there, even with the firewall off.
3) As far as I can tell, v2 of the router adds the firewall and v1 did not have it at all. So it is no more insecure as running the original v1 (which I have as well).
Bottom line, I am just as protected as I was before I bought the v2 to replace my broken v1, so I am happy. Although I will really love it if and when they fix the firewall for VOIP. |
|
mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON
| said by stevedaulton  :3) As far as I can tell, v2 of the router adds the firewall and v1 did not have it at all. So it is no more insecure as running the original v1 (which I have as well). The F5D8230-4 version 1000 series, has from its release, support for Stateful Packet Inspection [SPI Firewall] and Network Address Translation [NAT - also a form of Firewall]. The version 1000 series did not provide security logging of value where anyone who understands how to read the output could make an intelligent assessment of the traffic being logged. The QoS implementation on the 1000 series works well for me [VoIP specifically]
The version 2000 series of the F5D8230 improves on the logging -- however I have not had the time needed to fully asses its merits. My tests so far also show that the 2000 series of this device is [30% +/- 5%] slower than the 1000 series.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business |
|
Peter in NJ
@199.67.x.x
| reply to camattin
I have Vonage and Belkin pre-N router v1002.
is v.1002 what you mean by v2 (as opposed to v.2000)?
I have not read through this entire thread thoroughly, but I just want to say that my Vonage service works fine.
I did have some trouble with my alarm system's "kiss off" when trying to communicate with the monitoring center, which resulted in mutliple redial attempts and finally display of 'FC' on the keypad (or 'comm.failure' om 2nmd keypad).
This is apparently because the data is being transmitted
too fast to be fully understood.
I did some research and suggested to my friendly alarm installer that a "4+2 format" might help.
We ran a test (by temporarily programming my keypad with another account number that belongs to someone who has an older alarm that uses 4+2 and it worked on the first attempt. He is coming by tomorrow to reprogrammy unit; seems every zone has to reprogrammed (and re-tested).
The strange thing is that I hardly ever had problems with the current transmission format 'Contact ID' up until
a month or two ago, even though I had Vonage for years and have had this alarm for a year now.
Interestingly someone else experienced the exact same problem, where it stopped working about a month or two ago.
I will ask Vonage again if something was changed.
The Vonage technician (before I found out about '4+2' by googline even more and by testing it with my installer later that day) gave two possible reasons / solutions:
One was correct in that "lowering baud rate", which essentially comes down to switching to '4+2' format)
The other was grasping at straws at electromagnetic interference of large devices (microwave garage door opener) interefering with transmission over the WIRED telephone line .
I have a feeling Vonage changed something recently, but I don't know what.
The '4+2' format adds 7 seconds to the signal transmission time to the monitoring station, but that isn't a big deal; I doubt the burglar is going to stick around with a very loud siren ringing and a police station 1 minute drive away... |
|
Neosum
Premium
join:2000-06-03
Oakland, CA
1 edit | I know this is an old thread but it seems the question was never answered. I have the same problem with this same belkin router, firmware version 2.00.06
Model: F5D8230-4 v2
I don't see an option to turn on or off QoS. I don't see any option to turn off SPI either. Was this issue ever resolved?
Below is a new thread I started before I found this thread.
»[Vonage] Phone adapter behind firewall problem
I would love to get a solution to this problem without having to buy new hardware.
EDIT: Problem solved. Disabled firewall, QoS was enabled by default.QoS located under "wireless" and disabling firewall was under the main firewall tab rather than the subtabs. |
|
dpa482
join:2003-09-11
40699
| reply to camattin
Operate the pre-n in access point mode. The problem with the pre-n is the firewall. By using access point mode you disable the firewall and this will clear up problems with VOIP. Hopefully Belkin will come out with a new firmare update that will solve this problem. You will need to use either a software (zone alarm) based firewall or put your pre-n behind another router. Mine is behind a D-link 604. |
|
antun
join:2006-01-01
San Francisco, CA
| reply to camattin
I am having problems making VOIP calls (using Skype) and I've just installed the Belkin Pre-N router.
- I've downloaded and installed the latest firmware update from Belkin (dated 9/12/2005).
- I've disabled the firewall.
- I've checked my connection speed and QOS, and they're both fine.
Before finding this thread, I could not HEAR or BE HEARD clearly. Making the above changes meant that I could HEAR inbound voice clearly, but outgoing voice is still very, very unclear.
Any ideas on this?
-Antun |
|
antun
join:2006-01-01
San Francisco, CA | reply to camattin
Update:
You need to restart the router after turning the firewall off, in order to enforce the changes.
-Antun |
|
headcase99
@rr.com
| reply to camattin
Got to admit this thread has been extremely helpful for me, for reasons other than VoIP.
I recently purchased the Pre-N from Costco, after reading some fabulous performance reviews on the web. I've got some Macs with built-in 802.11b cards (Airport), including my Titanium Powerbook with it's famously weak built-in antennae.
After trying the Pre-N with my Macs, I was pumped -- what an incredible jump in performance and range, even with the 802.11b cards! So I knew this was the wireless router for me. But alas, I had a new problem: my Cisco VPN client would connect to the office, but not work properly (pass traffic) on wireless or wired. I googled all over the Net, and found out that if I upgraded to the 2.01.02 firmware, it should resove that. Upgraded, and now it works.
But after the firmware upgrade, suddenly my Real Player streaming videos had extremely poor audio on wireless or wired. And the suggestion on this thread to disable the firewall (and reboot!) solved it -- now all is well until Belkin provides an update.
Lets just hope they don't break something else while fixing the firewall. |
|
