Networks That Do Not Have a Network Address Translation (NAT) Router

The Problem

The network has no firewall protection, exposing the phones directly to the internet & creating an opportunity for international fraud

The network has a limited number of IP addresses, and once these are taken, connection of additional network devices - including but not limited to phones, computers, Ethernet-enabled printers - will cause unpredictable and generally bad network operation, as the DHCP server on the gateway device attempts to decide what devices can have IP addresses, and which ones cannot.

In most cases, the user is unaware that they do not have a router/firewall performing NAT, and do not realize that their entire network is visible to anyone on the internet who wants to access it. There are generally no obvious markings to allow a user to tell the difference between a modem-gateway with router functionality, and one without. To make things worse, some ISPs will provide a modem-router device, but configure it to provide public IPs and disable the router functionality.

Customers with Cable ISPs have the most Common occurrence of this problem.

Diagnosis

Always make sure that phone-system products are acquiring an address in a private IP range before moving on to other network-related troubleshooting.

Private IP ranges include:

  • Class A: 10.0.0.1 - 10.255.255.255
  • Class B: 172.16.0.1 - 172.31.255.255
  • Class C: 192.168.0.0 - 192.168.255.255

Also, note that software products running on your computer which claim to be a Firewall or Internet Security Suite are not a network firewall or a router, but rather an internet connection filter protecting that specific computer only. They provide no security against network intrusions that are not targeted at a specific computer system (such as those targeted at VoIP phones).

Background


Certain ISPs include multiple IP addresses with their business-class and higher-end residential services. This allows a small number of computers (usually 3 or 5) to be connected with public IP addresses.

Solution


Since Intermedia does not support connecting our phones to public IP addresses (eg, not behind a router/firewall) due to the extreme risk of SIP calling fraud, if you discover that you do not have a NAT-enabled router, the next step is to obtain one. Consult the Router Compatibility List and purchase a Recommended or Serviceable router.

Additional Resources: