loss of internet downstream of Ooma Hub

[EX Bell]

All good points turbo9, and you're correct, routing through a firewall, reserving ports, assigning DHCP is all for the more technical user. This was my point exactly, most of us on this forum are technical enough to handle setting these things up, there's just no clear direction. User's are left reading and reading various posts with no visual examples to follow when it's not an Ooma device routing the traffic. You could refer to your routers documentation, and I'll bet some of them are pretty good, but I know first hand that when too much unrelated detail exists along side a specific scenario, it can confuse even a person who is generally very technical. My posts are probably a good example of that

Ooma doesn't really help with anything other than their default "put the Telo first after the modem" answer in their online documentation. I'm sure there are certain level 2 & 3 techs that are a big help, but phone support is a disaster when two people don't communicate well. Some people are better off and happier figuring it out on their own, they just need guidance. It's people like ibmofo, Thunderbird, Murphy, and others that step up to the plate and really help out the community. I do think there's a lack of third party integration support on Ooma's account. I'm not simplifying the task requirement though. It's a very difficult job to support everyone's hardware out there. What results is copy and paste of the same instruction over and over, that doesn't always relate to a particular scenario. As teddmf points out, there is no user control over the firmware revision on a Telo. You get upgrades, like it or not. This is not comforting if you have your internet routing through your Telo, but you require internet AND phone to run a home business as my wife does. If you have your router managing traffic, you have better control over your environment.

I'm considering putting together a guide that would comprise the advice from senior users together with screenshots of a specific scenario, but a very common and basic one, which is a home network with a highspeed modem, a wireless router, and a Telo. I'd hope that such a post would be contributed to by the community, rather picked apart and criticized because it's different than another persons. It would be great to have separate links to posts covering each of the router manufacturers, with screen shots of how to configure them, but I don't know if that's feasible and/or if it would just create more confusion. I would be willing to post my Cisco Linksys configuration screen shots, along with tips on how to troubleshoot and safely upgrade the stock firmware on these routers. It literally would be about four screenshots for configuring the IP routing and maybe three or four additional if I added Wireless configuration screenshots. It would be great to see Ooma champion a community effort like this as well.

In regard to what you say about the Telo tunneling it's way back home. I'm currious about this statement because it seems to contrict what some people say about issues they having with this scenario, even when they have setup QoS on their router. It would also make it completely unessesary for the Telo to ever be before the router. Of course there are a lot of factors that could contribute to the success or failure of this effort. However, I do understand that this fact elludes a lot of people. When you disconnect the ethernet from the back of your Telo and plug it into your PC (without a firewall running on your PC), what's the result when you run the All Service Ports test of SheildsUP! on Steve Gibson's site? Are all ports stealth? The reason I put my Telo in the DMZ was to prevent the router's firewall from blocking any traffic to it. This is the equivellent of connecting the Telo directly to the high speed modem, except it's more like connecting both the Telo and the router to the high speed modem In parallel, even though they are physically connected one after the other. I have not tested this on a cable modem since I'm on ADSL, but I think it would probably satisfy the requirement that many Cable ISPs have for only one MAC address to be registered to the ISP at a time. It used to be possible to pay your ISP extra money (a brain dead move of itself) to have more than one MAC address registed at time, but with the number of routers out there instead of the dumb hubs everyone used to have, the cable ISPs may not offer that anymore. Having one device in the DMZ only exposes that device, but allows the rest of your network to remain stealth. As long as that device is the only one on the DMZ and it's not routing packets back to the local network itself AND there are not bugs in the routers firmware (an important and often overlooked issue), then you should be safe from most attacks, except for the group Anonymous. Don't get on their bad side.

[turbo9]

In regard to what you say about the Telo tunneling it's way back home. I'm currious about this statement because it seems to contrict what some people say about issues they having with this scenario, even when they have setup QoS on their router. It would also make it completely unessesary for the Telo to ever be before the router.

When I first got my Telo, I just dumped on my network behind my firewall / router and it worked. So, I think it tunnelled back and said it was ready to go to work. It must leave the tunnel up so that I can receive calls.

When I go off hook on a phone, I see this in my firewall logs: 192.168.0.10 => 38.114.132.204 pop3. This is some server in Cogent's network. I'm not sure what it is doing. I don't see it every time when I go off hook in succession.

When I make a call, I see 192.168.0.10 => 208.83.244.94 3480. That is a call back into Ooma.

I also see 192.168.0.10 => 208.83.244.94 18490 when I hang up.

All my ports report as stealth from sheilds up in normal operating mode. My firewall is doing its job.

So, I think the Telo punches the required hole.

[EX Bell]

Interesting. Maybe one of the senior users here could comment on thier experiences with various router firewalls and the Ooma devices.

It sounds like your router doesn't restrict outbound traffic. Most routers only restrict inbound anyway, which according to Ooma, the Telo usually won't have a problem with. Maybe my particular router model and firmware rev level doesn't restrict outbound traffic either. I didn't try setting it up that way you did. I just configured the Telo MAC address for the DMZ without thinking twice about it, because I don't really care if it's behind a firewall or not. Nothing is ever connected to the Telo Home port other than my laptop for brief periods when I need to configure something, and the Telo hides you behind NAT. Besides that, I have the software firewall enable on my laptop as well. It did eventually get to the point with my wife where the "testing" was drawing to an end and this thing had better work reliably or it's getting the boot. I really wanted it to work and so I pulled out all the stops. To date, it's been a very sucessful effort and I'm quite pleased with Ooma as my home phone service.

Which specific router manufacturer, model number, version and firmware revision level do you use?

[turbo9]

You are correct - the default behaviour is to allow everything outbound.

I restrict a few IP enabled devices outbound (my IP network cameras) just because I don't fully trust them as they appear to be counterfeit. They work great but when the documentation they supply tells you how to check for counterfeit copies and the check shows that they are counterfeit, I think they are counterfeit. No surprise, lots of manufacturers keep the machines running longer than their customer requires. Since they require a bunch of passwords (admin, wireless, ftp, smtp, etc.) and I don't fully control them, I quarantine them.

I have a Cisco (Linksys) wrt310nv2 with firmware v2.0.01 build 004 Jul 1, 2009. Hmm, I just downloaded this and it was the latest version. Seems kind of old for a device I just bought.

[EX Bell]

A good router. That's basically the same as my WRT160N v3, except that it has a Gigabit LAN where mine is just 10/100. That's one of the reasons it's only a gateway from my ISP and not managing my local traffic. My Time Capsule does takes care of local traffic.

OK. In that case I'll try removing the Telo from DMZ and see what happens. Based on your results, nothing should happen and all will be well. They're both old routers. That's the correct, last stable build for your WRT310 v2. Mine was discontinued around the same time, so the last build is 2009 as well. No problem though, it works well. You could always flash it with DD-WRT or Tomato if you want more out of it, but this series of Cisco Linksys tend to run hotter and don't take to kindly to having their transmit power boosted, so you have to either add a cooling fan or keep the power at the normal level and mount them vertically so they cool by convection.

[turbo9]

[You could always flash it with DD-WRT or Tomato if you want more out of it, but this series of Cisco Linksys tend to run hotter and don't take to kindly to having their transmit power boosted, so you have to either add a cooling fan or keep the power at the normal level and mount them vertically so they cool by convection./quote]

Right now, at it's hottest, it is about 35 degrees in the back left top surface corner where the power connects - I have it mounted vertically by my patch panel. Most of the top of it is about 27.

I'm almost happy with the 310N except that it seems to always want to put itself down as the first DNS server in DHCP configurations whereas I would like it to put my DNS server first.

I also read a (likely very old) post that dd-wrt was not stable for the 310 yet.

That's the correct, last stable build for your WRT310 v2. Mine was discontinued around the same time, so the last build is 2009 as well.

I guess that why it was only $30.

[EX Bell]

Sounds to be stable now.
DD-WRT for 310N

It's non-distructive. You just have to follow their directions EXACTLY. If you really want a full featured router, the E2000 or E3000 are very good. My E2000 has DD-WRT on it to serve my media PCs.
I like the E3000 better though. You can still get refurbished E3000 at Canada Computers for $80 and new ones for $109

EDIT: New Cisco Linksys E3000 are available for a while at Costco.ca for $109+tax delivered to your door. A better place to buy if you're a member because the return policy is so good.

[jw56947]

My Telo keeps flashing red and the handsets all say no internet and no vpn. It will do this several times a day and then it will automatically reset itself after a minute or so. It will do it in the middle of a call or when not in use by any other device (computer etc) It seems to do it everyday at 6:30 am when I am talking to my son on his way to work. Yet some days it will do it at 4:30 or 6:30 with no use. My wife wants me to return the unit and go back to Cox telephone. This has been going on for two months. Help

[turbo9]

This could be a problem with your Internet connection. Is the Internet still working when it does this? Does your whatever device closest to your Internet modem get a new DHCP lease at the same time? Your ISP might be changing your IP address every day.

[jw56947]

I cannot be absolutely sure that the modem is working at the time since it is a momentary disruption and I would have to be watching the modem lites. I am not sure how to check to see if the ISP has changed the address. Is it common for them to do this more than once per day?