The last week i was very busy with setting something up which seems easy in the beginning but turns out to be very difficult in the end. Following situation, we plan to change our phone provider from an „analog“ one to a digital one to get the advantages of the voip features. So we took a 30 day trial from So far so good. In our office we have an linux box with iptables firewall and routing function configured by shorewall. Everything works great, we even set up a vpn connection a second office. As an voip adapter we tried out the linksys PAP2T which worked in other cases at home before. So i plugged in the phone into the adapter, connected the adapter to the internet and … nothing. Hm, sad, to make a long story short, it took me several days to find out that NAT and SIP is broken by design and that everything works in some cases and others dont. See here for a little bit information i got at the shorewall-users ML: to the world of NAT – a completely and utterly broken

network by design. I want to throttle anyone who tries to tell me

that it not broken or is a good idea – it’s bodge hat breaks lots of

stuff and has significantly contributed to the delays in getting IPv6

going mainstream (because clueless f***wits think NAT is a fix for

lack of address space in IPv4). It breaks both rules of IP addressing

– IP address must be globally unique, and IP addresses must be

globally routable.</rant>„.
Now to the feature of this post. A short some up of how to get things going systematically and the fastest way i think.


  1. Take your adapter to somewhere you know it worked before. I took it to my home lan. Then make it work there with the account you created (for configuration of the adapter have look at this site: its extremely useful and detailed in configuration matters of the most voip devices). Try to make it work without NAT options in your router, if you have one. It can make things easier.

  2. Now take your adapter (you have to use dhcp) to your office and plug it directly into your cable modem or whatever provides you with the internet. Make it work.

  3. Connect your LAN again and plug in your adapter.

  4. If your adapter works now, your fine. If not, step 5

  5. Give your adapter a fixed ip and check the lan settings that they are correct (gateway, nameserver, …)

  6. connect to your linux box and unload the following modules:nf_nat_sip, nf_conntrack_sip

  7. If that doesnt work start to forward port 5060 and the rtp port (mostly 16834-16482, can be configured in the adapter) range to your adapter.

  8. If thats still not enough yet check your adapters settings and see if you can enter a stun server (most sip providers offer one).

  9. If it still doesnt work enter an external ip and try to make that work.

  10. If its still not working you’re fu*** and please have a look at the post in the shorewall ML i linked to above, there are some more ways to get it going.


Thats it, you should be calling now.