#44536 by Mike-o-Matic
Sat Jan 30, 2010 12:54 am
I'd rather the world were not able to ping my ooma hub. As it is, I'm set up as follows:
Cable Modem ==> Hub ==> Router ==> LAN PCs.
Unfortunately, set up like this, the hub will respond to outside pings.

Yes, I know my router's built-in firewall could shield the hub from pings, if I were to put the hub behind the router. But for a variety of reasons (mainly, due to lousy QOS configuration on my router) I'd really rather leave my setup as-is, and let the hub shape my traffic. I'm sure a lot of people prefer this setup for call-quality reasons.

However, if we were granted the ability to configure the hub to NOT respond to ICMP pings from the outside world, the hub could be left in front of the router, yet still be just that much more secure.

Actually, I'm not sure why the option isn't already in setup.ooma.com... it seems like even the simplest routers usually have a setting for that. What purpose could it possibly serve?
#48216 by Davesworld
Mon Feb 22, 2010 10:25 pm
What can we say? This is a users forum with occasional moderator activity and since there are many issues on the forefront of Telo firmware being ironed out it's difficult to say if they are even considering this. Before we go any further, when you go test at grc.com shields up does it show completely stealth or not? If it's stealth, no one is able to ping you now as it is.

What are you using for a router? Many of us prefer behind the router and QOS is not guaranteed to be needed unless you have heavy downloading and/or uploading not to mention that the HUB's throughput will bottleneck faster connections. Since my firewall/router uses wondershaper rather than a layer 7 modified shaper, I used a script that adds address ranges, protocol and priority and used it to enter the Ooma address range and protocol between 10000 and 20000 with high priority automatically, all 10000 addresses and ports, the config file is still quite small in KB after all that, the remaining addresses, protocol and ports are so few I can just add by hand. Just because the built-in NICs are rated at 100mbs does not mean that anywhere even close to that can be throughputted through the NAT of the device itself, it takes a fair amount of processing power to accomplish throughput anywhere near line speed.

Personally for my uses, I just can't see a whole network's internet access at the mercy of an ATA with a tiny processor in it, just doesn't make sense to me. With the hub in front you also end up double natting your network which can lead to problems as well. There is a reason why the expensive multiport ATAs only have one ethernet port.
#48218 by Mike-o-Matic
Mon Feb 22, 2010 10:45 pm
Yes, actually, checking Gibson's ShieldsUp is precisely what brought it to my attention to begin with. It's the only part of the test that fails.

Unfortunately, as I mentioned in my original post, my router's poor array of QoS settings doesn't really permit me to put my Hub behind my router, if I wish to ensure decent call quality. Otherwise, I'd have done that already.

Edit: My router is a D-Link DIR-615.
#48220 by Davesworld
Mon Feb 22, 2010 11:59 pm
sfhub wrote: It may not meet your needs, but you could put the Ooma behind the router and the PCs behind Ooma. Router is configured for outside pings and Ooma still does its QoS.


That would at least get rid of the pingability so that scanners would give up and move on. I went to Dlink's site and used the DIR-615 emulator on the version that even has QOS and it merely prioritizes gaming. Not a bad router other than the QOS which is all but useless for most of us.

If I had one, I'd be tempted to find a WRT image and use that but that's just me again.

http://www.dd-wrt.com/wiki/index.php/Su ... ces#D-Link
#48221 by sfhub
Tue Feb 23, 2010 12:56 am
Davesworld wrote:
sfhub wrote: It may not meet your needs, but you could put the Ooma behind the router and the PCs behind Ooma. Router is configured for outside pings and Ooma still does its QoS.


That would at least get rid of the pingability so that scanners would give up and move on. I went to Dlink's site and used the DIR-615 emulator on the version that even has QOS and it merely prioritizes gaming. Not a bad router other than the QOS which is all but useless for most of us.

It would do more than get rid of pingability. It would also take advantage of Ooma's QoS, which seems to be working for OP.

However it isn't for everyone because double-nat could be a little more hassle to configure and one might have other services provided by the router that aren't provided by Ooma's LAN.
#48246 by Mike-o-Matic
Tue Feb 23, 2010 10:16 am
Davesworld wrote: I went to Dlink's site and used the DIR-615 emulator on the version that even has QOS and it merely prioritizes gaming. Not a bad router other than the QOS which is all but useless for most of us.

Yep, exactly. No options for various types of traffic prioritization. I love the DIR-615 in general, but the QOS is pretty lame IMHO.

Thanks for checking, BTW... I didn't even know they had an emulator!!

Davesworld wrote: If I had one, I'd be tempted to find a WRT image and use that but that's just me again.

I've been trying to avoid messing with non-stock firmware if possible. Maybe someday, but I already blew one evening trying to put the Hub behind the router unsuccessfully (thanks to the QOS mess).

sfhub wrote: It may not meet your needs, but you could put the Ooma behind the router and the PCs behind Ooma. Router is configured for outside pings and Ooma still does its QoS.

Not sure what you meant by this. I assume this would mean I need a switch between the Hub and my PCs, because I only have the single home port. I have a variety of machines on my LAN though; can't plug 'em ALL into the Hub!

Also, I'd REALLY like to avoid another switch (though I have a gob of them lying about ;-)). I'm trying to keep the 24x7 power usage to a minimum if possible, plus I'd really hate to have yet ANOTHER device on my desk.

But if you meant something else (no added switch), then by all means please say so. Maybe I just misunderstand what you're suggesting.

Thanks everybody!
Mike-o
