Has anyone successfully gotten an ATT Microcell to work behind shorewall?

I've been playing around with the IPSEC settings trying to get it working, to no avail.

Below is all the firewall configuration information that is available on the ATT webpage.

Configure the network to allow the following:

- DHCP is on
- Port Blocking is either turned off or allowing ports 4500 and 500
- MTU size is set to 1492
- MAC address filtering is either turned off or allowing the MAC address of the AT&T 3G MicroCell
- IPSec Pass-Through is Enabled
- Block Fragmented Packets is Disabled
- If using multiple routers, the 3G MicroCell must be connected to the first router connected to the broadband modem
- If the 3G MicroCell is connected to a router that is connected to a modem and both the router and the modem have NAT (Network Address Translation) enabled, disable NAT either in the router or the modem.
- Ensure the modem / router is using the latest software (firmware). Please see the manufacturer's documentation.

TCP/UDP Ports

NOTE: All ports listed need to be configured for inbound and outbound connections.

- 123/UDP: NTP timing (NTP traffic)
- 443/TCP: Https over TLS/SSL for provisioning and management traffic
- 4500/UDP: IPSec NAT Traversal (for all signaling, data, voice traffic)
- 500/UDP: IPSec Phase 1 prior to NAT detection (after NAT detection, 4500/UDP is used)
- 4500/UDP: After NAT detection, 4500/UDP is used

Thanks,
Sean

--
If all printers were determined not to print anything till they were sure it would offend nobody, there would be very little printed.
- Benjamin Franklin

On 11 August 2011 04:37, Sean Whitney <sean.whitney@gmail.com> wrote:
> Has anyone successfully gotten an ATT Microcell to work behind shorewall?

One of our customers has an Optus HomeZone, which I think is the same thing.
We just did this and it worked fine:

DNAT net loc:192.168.1.25 udp 123
DNAT net loc:192.168.1.25 udp 4500
DNAT net loc:192.168.1.25 udp 500

I can put you in touch with the tech who went onsite if you like - he said some other stuff on the thing itself needed to be done as well.

Dave

I ended up moving it outside the firewall (I have 8 IPs from Qwest) and after two months of just sitting there, Saturday morning it started working. I think that ATT has pushed out an update that fixed a problem with the Qwest DSL.

I'll try these settings behind the firewall.

Thanks,
Sean

On 08/29/2011 04:09 AM, Dave Kempe wrote:
> On 11 August 2011 04:37, Sean Whitney <sean.whitney@gmail.com> wrote:
>
> > Has anyone successfully gotten an ATT Microcell to work behind shorewall?
>
> One of our customers has an Optus HomeZone, which I think is the same thing.
> We just did this and it worked fine:
>
> DNAT net loc:192.168.1.25 udp 123
> DNAT net loc:192.168.1.25 udp 4500
> DNAT net loc:192.168.1.25 udp 500
>
> I can put you in touch with the tech who went onsite if you like - he
> said some other stuff on the thing itself needed to be done as well.
>
> Dave
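
Added example, not written by anyone in this thread: a Python check that compares the DNAT rules in a Shorewall rules file with the port list from the first message, reporting required ports that are not forwarded and forwarded ports that are not required. The rules text is constructed from the three lines in the reply; the function names are hypothetical, and service names in the port column are not resolved.

```python
# Added example: audit Shorewall DNAT rules against a device's required ports.
# REQUIRED is the AT&T list quoted in the thread; RULES is constructed sample input.

REQUIRED = {("udp", 123), ("tcp", 443), ("udp", 4500), ("udp", 500)}

RULES = """\
# ACTION  SOURCE  DEST              PROTO  DPORT
DNAT      net     loc:192.168.1.25  udp    123
DNAT      net     loc:192.168.1.25  udp    4500
DNAT      net     loc:192.168.1.25  udp    500
"""

def expand_ports(spec):
    """Expand a Shorewall port column: comma lists and low:high ranges."""
    ports = set()
    for part in spec.split(","):
        if ":" in part:
            low, high = part.split(":", 1)
            ports.update(range(int(low or 0), int(high or 65535) + 1))
        elif part.isdigit():
            ports.add(int(part))
        # service names such as "ntp" are skipped, not resolved
    return ports

def forwarded(rules_text, host):
    """Return the set of (proto, port) that DNAT rules forward from net to host."""
    found = set()
    for line in rules_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("DNAT"):
            continue
        source, dest, proto, dport = fields[1:5]
        dest_parts = dest.split(":")  # DEST is zone:address[:port]
        if source.split(":")[0] != "net" or len(dest_parts) < 2:
            continue
        if dest_parts[1] != host:
            continue
        for p in proto.lower().split(","):
            found.update((p, port) for port in expand_ports(dport))
    return found

def audit(rules_text, host, required=REQUIRED):
    """Return (missing, extra): required-but-unforwarded and forwarded-but-unrequired."""
    have = forwarded(rules_text, host)
    return sorted(required - have), sorted(have - required)

if __name__ == "__main__":
    missing, extra = audit(RULES, "192.168.1.25")
    print("required but not forwarded:", missing)
    print("forwarded but not required:", extra)
```

A non-empty second list points at forwards to the device that the vendor's list does not call for and that can be reviewed for removal.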