[svlug] lingo broadband phone behind linux router (icmp 36: time exceeded in-transit)

Erik Steffl steffl at bigfoot.com
Thu Dec 30 22:43:48 PST 2004


   I am trying to make the Lingo (http://www.lingo.com) broadband phone 
work behind the linux firewall. It does not work, I am somewhat confused 
about why they asked me to forward ports 1024-1028 to Lingo (those are 
the first dynamically assigned ports, wouldn't they be used by services 
started on the router itself?).

   The only indication of what is possibly wrong is the error that I see 
in tcpdump: GE7-ar03-1019m-sfo.unitedlayer.com > jojda.zasran.com: icmp 
36: time exceeded in-transit (only udp is forwarded, not icmp). And the 
fact that the VOIP never starts to work.

   Any ideas on how to set this up? The details of my setup as well as 
tcpdump output is below. Any pointers to docs (or solutions) 
appreciated. I've googled for various relevant terms and learned a lot 
about iptables and port forwarding etc. but nothing that would get me 
further.

   Here's my setup (not recommended but approved by Lingo):

   WAN: phone line - dsl modem - linux machine eth0 (no PPPoE, just 
straight ethernet)

   LAN: linux machine eth1 - netgear switch - Lingo (no other devices 
during testing of Lingo)

   Following ports are forwarded to Lingo device (at least I think so), 
that's what Lingo customer support told me it needs (they also told me 
it needs 123 and 53 but I guess it needs outbound connection on those 
ports, not port forwarding for inbound connections):

1024 1025 1026 1027
5060 5061 5062 5063 5064 5065
10000 10001 10002 10003 10004 10005

   the commands I use to set up the port forwarding:

     /sbin/iptables -t nat -A PREROUTING -p udp -i eth0 -d 198.144.206.234 \
     --dport $port -j DNAT --to $LINGO_IP:$port
   /sbin/iptables -A FORWARD -p udp -i eth0 -d $LINGO_IP --dport $port 
-j ACCEPT

   where $LINGO_IP is 192.168.0.200 and port is one of the ports above.

   Here's what works:

   - lingo gets an IP assigned by dhcp (192.168.0.200, based on MAC)

   - lingo responds on port 80 (admin/config interface), it says it's 
not conected to VOIP but other than that it does not indicate any errors.

   - lingo sends out _some_ requests out, at least some of it tftp

   - at least some port forwarding works because etherape shows trafic 
from Lingo to my linux router and out (to few IPs outside) and then 
traffic coming from those IPs it contacted all the way back to Lingo device.

   PROBLEM: the Lingo device never does whatever it needs to do and the 
VOIP led us never turned on.

   jojda:/home/erik# iptables -v -L
Chain INPUT (policy ACCEPT 274K packets, 114M bytes)
  pkts bytes target     prot opt in     out     source 
destination

Chain FORWARD (policy ACCEPT 420 packets, 26489 bytes)
  pkts bytes target     prot opt in     out     source 
destination
   118 64192 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:1024
   120 65280 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:1025
    33 11536 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:1026
    29  9963 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:1027
     0     0 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:5060
     0     0 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:5061
     0     0 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:5062
     0     0 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:5063
     0     0 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:5064
     0     0 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:5065
     0     0 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:10000
     0     0 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:10001
     0     0 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:10002
     0     0 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:10003
     0     0 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:10004
     0     0 ACCEPT     udp  --  eth0   any     anywhere 
192.186.0.200       udp dpt:10005

Chain OUTPUT (policy ACCEPT 267K packets, 52M bytes)
  pkts bytes target     prot opt in     out     source 
destination
jojda:/home/erik#

----------------------------------------------------------
----------------------------------------------------------
----------------------------------------------------------
   tcpdump of Lingo communication to router:

  length: 328) 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, 
Request from 00:0e:9b:80:78:cd, length: 300, xid:0x7bdf, secs:2, flags: 
[none]
           Client Ethernet Address: 00:0e:9b:80:78:cd [|bootp]
22:19:56.367633 IP (tos 0x10, ttl  64, id 0, offset 0, flags [none], 
length: 328) 192.168.0.1.bootps > 192.168.0.200.bootpc: BOOTP/DHCP, 
Reply, length: 300, xid:0x7bdf, secs:2, flags: [none]
           Your IP: 192.168.0.200
           Server IP: 192.168.0.1
           Client Ethernet Address: 00:0e:9b:80:78:cd [|bootp]
22:19:56.369013 arp who-has 192.168.0.200 tell 172.25.25.1
22:19:56.667219 arp reply 172.25.25.1 is-at 00:0e:9b:80:78:cd
22:19:56.668614 arp who-has 172.25.25.1 tell 172.25.25.1
22:19:56.671373 arp who-has 192.168.0.200 tell 172.25.25.1
22:19:57.008783 arp who-has 192.168.0.1 tell 192.168.0.200
22:19:57.008796 arp reply 192.168.0.1 is-at 00:50:ba:4d:1a:58
22:19:57.009978 IP (tos 0x0, ttl  64, id 6, offset 0, flags [none], 
length: 72) 192.168.0.200.1024 > 209.227.167.162.tftp: [udp sum ok]  44 
RRQ "U53V005.00.00_UTSTARCOM-GENERAL.CFG" octet
22:19:59.007120 IP (tos 0x0, ttl  64, id 7, offset 0, flags [none], 
length: 72) 192.168.0.200.1024 > 209.227.167.162.tftp: [udp sum ok]  44 
RRQ "U53V005.00.00_UTSTARCOM-GENERAL.CFG" octet
22:20:01.007061 IP (tos 0x0, ttl  64, id 8, offset 0, flags [none], 
length: 72) 192.168.0.200.1024 > 209.227.167.162.tftp: [udp sum ok]  44 
RRQ "U53V005.00.00_UTSTARCOM-GENERAL.CFG" octet
22:20:03.007013 IP (tos 0x0, ttl  64, id 9, offset 0, flags [none], 
length: 72) 192.168.0.200.1024 > 209.227.167.162.tftp: [udp sum ok]  44 
RRQ "U53V005.00.00_UTSTARCOM-GENERAL.CFG" octet
22:20:05.006970 IP (tos 0x0, ttl  64, id 10, offset 0, flags [none], 
length: 72) 192.168.0.200.1024 > 209.227.167.162.tftp: [udp sum ok]  44 
RRQ "U53V005.00.00_UTSTARCOM-GENERAL.CFG" octet
22:20:07.047374 IP (tos 0x0, ttl  64, id 26, offset 0, flags [none], 
length: 77) 192.168.0.200.1025 > 209.227.167.162.tftp: [udp sum ok]  49 
RRQ "U53V005.00.00_UTSTARCOM-000E9B8078CD.CFG" octet
22:20:09.046891 IP (tos 0x0, ttl  64, id 27, offset 0, flags [none], 
length: 77) 192.168.0.200.1025 > 209.227.167.162.tftp: [udp sum ok]  49 
RRQ "U53V005.00.00_UTSTARCOM-000E9B8078CD.CFG" octet
22:20:11.046849 IP (tos 0x0, ttl  64, id 28, offset 0, flags [none], 
length: 77) 192.168.0.200.1025 > 209.227.167.162.tftp: [udp sum ok]  49 
RRQ "U53V005.00.00_UTSTARCOM-000E9B8078CD.CFG" octet
22:20:13.046804 IP (tos 0x0, ttl  64, id 29, offset 0, flags [none], 
length: 77) 192.168.0.200.1025 > 209.227.167.162.tftp: [udp sum ok]  49 
RRQ "U53V005.00.00_UTSTARCOM-000E9B8078CD.CFG" octet
22:20:15.046763 IP (tos 0x0, ttl  64, id 30, offset 0, flags [none], 
length: 77) 192.168.0.200.1025 > 209.227.167.162.tftp: [udp sum ok]  49 
RRQ "U53V005.00.00_UTSTARCOM-000E9B8078CD.CFG" octet
22:20:16.393728 IP (tos 0x0, ttl  64, id 1240, offset 0, flags [DF], 
length: 232) 192.168.0.1.who > 192.168.0.255.who: UDP, length: 204
22:20:17.083521 IP (tos 0x0, ttl  64, id 46, offset 0, flags [none], 
length: 88) 192.168.0.200.1026 > 209.227.167.162.tftp:  60 RRQ 
"000E9B8078/U53V005.00.00_UTSTARCOM-000E9B8078CD.CFG"
22:20:19.086762 IP (tos 0x0, ttl  64, id 47, offset 0, flags [none], 
length: 88) 192.168.0.200.1026 > 209.227.167.162.tftp:  60 RRQ 
"000E9B8078/U53V005.00.00_UTSTARCOM-000E9B8078CD.CFG"
22:20:21.086715 IP (tos 0x0, ttl  64, id 48, offset 0, flags [none], 
length: 88) 192.168.0.200.1026 > 209.227.167.162.tftp:  60 RRQ 
"000E9B8078/U53V005.00.00_UTSTARCOM-000E9B8078CD.CFG"
22:20:23.086670 IP (tos 0x0, ttl  64, id 49, offset 0, flags [none], 
length: 88) 192.168.0.200.1026 > 209.227.167.162.tftp:  60 RRQ 
"000E9B8078/U53V005.00.00_UTSTARCOM-000E9B8078CD.CFG"
22:20:25.086637 IP (tos 0x0, ttl  64, id 50, offset 0, flags [none], 
length: 88) 192.168.0.200.1026 > 209.227.167.162.tftp:  60 RRQ 
"000E9B8078/U53V005.00.00_UTSTARCOM-000E9B8078CD.CFG"
22:20:27.121639 IP (tos 0x0, ttl  64, id 66, offset 0, flags [none], 
length: 68) 192.168.0.200.1027 > 209.227.167.162.tftp: [udp sum ok]  40 
RRQ "U53V005.00.00_UTSTARCOM-600.CFG" octet
22:20:29.116460 IP (tos 0x0, ttl  64, id 67, offset 0, flags [none], 
length: 68) 192.168.0.200.1027 > 209.227.167.162.tftp: [udp sum ok]  40 
RRQ "U53V005.00.00_UTSTARCOM-600.CFG" octet
22:20:31.116406 IP (tos 0x0, ttl  64, id 68, offset 0, flags [none], 
length: 68) 192.168.0.200.1027 > 209.227.167.162.tftp: [udp sum ok]  40 
RRQ "U53V005.00.00_UTSTARCOM-600.CFG" octet
22:20:33.116366 IP (tos 0x0, ttl  64, id 69, offset 0, flags [none], 
length: 68) 192.168.0.200.1027 > 209.227.167.162.tftp: [udp sum ok]  40 
RRQ "U53V005.00.00_UTSTARCOM-600.CFG" octet
22:20:35.116334 IP (tos 0x0, ttl  64, id 70, offset 0, flags [none], 
length: 68) 192.168.0.200.1027 > 209.227.167.162.tftp: [udp sum ok]  40 
RRQ "U53V005.00.00_UTSTARCOM-600.CFG" octet
22:20:37.223817 IP (tos 0x0, ttl  64, id 80, offset 0, flags [none], 
length: 61) 192.168.0.200.1028 > ns.tsoft.net.domain: [udp sum ok]  1+ 
A? sip.iprimus.net. (33)
22:20:37.236123 IP (tos 0x0, ttl  61, id 35631, offset 0, flags [none], 
length: 179) ns.tsoft.net.domain > 192.168.0.200.1028:  1 1/3/3 
sip.iprimus.net. A 209.227.167.230 (151)
22:20:37.238679 IP (tos 0x0, ttl  64, id 81, offset 0, flags [none], 
length: 61) 192.168.0.200.1029 > ns.tsoft.net.domain: [udp sum ok]  2+ 
A? sip.iprimus.net. (33)
22:20:37.251824 IP (tos 0x0, ttl  61, id 35633, offset 0, flags [none], 
length: 179) ns.tsoft.net.domain > 192.168.0.200.1029:  2 1/3/3 
sip.iprimus.net. A 209.227.167.230 (151)
22:20:42.235024 arp who-has 192.168.0.200 tell 192.168.0.1
22:20:42.236369 arp reply 192.168.0.200 is-at 00:0e:9b:80:78:cd

----------------------------------------------------------
----------------------------------------------------------
----------------------------------------------------------
   tcpdump of eth0 (outside connection):

22:19:57.010020 IP (tos 0x0, ttl  63, id 6, offset 0, flags [none], 
length: 72) jojda.zasran.com.1024 > 209.227.167.162.tftp: [udp sum ok] 
44 RRQ "U53V005.00.00_UTSTARCOM-GENERAL.CFG" octet
22:19:57.113838 IP (tos 0x0, ttl  50, id 5423, offset 0, flags [DF], 
length: 544) 209.227.167.162.36173 > jojda.zasran.com.1024: UDP, length: 516
22:19:57.113881 IP (tos 0x0, ttl  49, id 5423, offset 0, flags [DF], 
length: 544) jojda.zasran.com.36173 > 192.186.0.200.1024: UDP, length: 516
22:19:57.141984 IP (tos 0xc0, ttl 251, id 10089, offset 0, flags [none], 
length: 56) GE7-ar03-1019m-sfo.unitedlayer.com > jojda.zasran.com: icmp 
36: time exceeded in-transit
22:19:57.142017 IP (tos 0xc0, ttl 250, id 10089, offset 0, flags [none], 
length: 56) jojda.zasran.com > 209.227.167.162: icmp 36: time exceeded 
in-transit
22:19:58.112441 IP (tos 0x0, ttl  50, id 5424, offset 0, flags [DF], 
length: 544) 209.227.167.162.36173 > jojda.zasran.com.1024: UDP, length: 516
22:19:58.112465 IP (tos 0x0, ttl  49, id 5424, offset 0, flags [DF], 
length: 544) jojda.zasran.com.36173 > 192.186.0.200.1024: UDP, length: 516
22:19:58.141677 IP (tos 0xc0, ttl 251, id 10094, offset 0, flags [none], 
length: 56) GE7-ar03-1019m-sfo.unitedlayer.com > jojda.zasran.com: icmp 
36: time exceeded in-transit
22:19:58.141701 IP (tos 0xc0, ttl 250, id 10094, offset 0, flags [none], 
length: 56) jojda.zasran.com > 209.227.167.162: icmp 36: time exceeded 
in-transit
22:19:59.007145 IP (tos 0x0, ttl  63, id 7, offset 0, flags [none], 
length: 72) jojda.zasran.com.1024 > 209.227.167.162.tftp: [udp sum ok] 
44 RRQ "U53V005.00.00_UTSTARCOM-GENERAL.CFG" octet
22:19:59.103741 IP (tos 0x0, ttl  50, id 5622, offset 0, flags [DF], 
length: 544) 209.227.167.162.36175 > jojda.zasran.com.1024: UDP, length: 516
22:19:59.103774 IP (tos 0x0, ttl  49, id 5622, offset 0, flags [DF], 
length: 544) jojda.zasran.com.36175 > 192.186.0.200.1024: UDP, length: 516
22:19:59.131421 IP (tos 0xc0, ttl 251, id 10101, offset 0, flags [none], 
length: 56) GE7-ar03-1019m-sfo.unitedlayer.com > jojda.zasran.com: icmp 
36: time exceeded in-transit
22:19:59.131444 IP (tos 0xc0, ttl 250, id 10101, offset 0, flags [none], 
length: 56) jojda.zasran.com > 209.227.167.162: icmp 36: time exceeded 
in-transit
22:20:00.102191 IP (tos 0x0, ttl  50, id 5623, offset 0, flags [DF], 
length: 544) 209.227.167.162.36175 > jojda.zasran.com.1024: UDP, length: 516
22:20:00.102214 IP (tos 0x0, ttl  49, id 5623, offset 0, flags [DF], 
length: 544) jojda.zasran.com.36175 > 192.186.0.200.1024: UDP, length: 516
22:20:00.111983 IP (tos 0x0, ttl  50, id 5425, offset 0, flags [DF], 
length: 544) 209.227.167.162.36173 > jojda.zasran.com.1024: UDP, length: 516
22:20:00.112003 IP (tos 0x0, ttl  49, id 5425, offset 0, flags [DF], 
length: 544) jojda.zasran.com.36173 > 192.186.0.200.1024: UDP, length: 516
22:20:00.130961 IP (tos 0xc0, ttl 251, id 10117, offset 0, flags [none], 
length: 56) GE7-ar03-1019m-sfo.unitedlayer.com > jojda.zasran.com: icmp 
36: time exceeded in-transit
22:20:00.130988 IP (tos 0xc0, ttl 250, id 10117, offset 0, flags [none], 
length: 56) jojda.zasran.com > 209.227.167.162: icmp 36: time exceeded 
in-transit
22:20:00.144336 IP (tos 0xc0, ttl 251, id 10118, offset 0, flags [none], 
length: 56) GE7-ar03-1019m-sfo.unitedlayer.com > jojda.zasran.com: icmp 
36: time exceeded in-transit
22:20:00.144368 IP (tos 0xc0, ttl 250, id 10118, offset 0, flags [none], 
length: 56) jojda.zasran.com > 209.227.167.162: icmp 36: time exceeded 
in-transit
... more of the same ...

   any ideas?

   TIA,

	erik




More information about the svlug mailing list