Firewall Ip addresses and Ports for Wifi Calling

5J8 · ‎17-01-2021

My firewall blocks all inbound and outbound communication, except standard http/https, as a result wifi calling is blocked.

for security reason I don't want to open ports 500 and 4500 (associated with wifi calling) to all ip addresses.

Can someone let me know which IP addresses and ports I need to open.

thanks

Mustrum · ‎17-01-2021

WiFi calling works on my phone and I have not needed to open any ports.

I thought it was more to do with the phone and carrier, rather than any router setting.

So which phone, and who do you use for your mobile supplier?

XRaySpeX · ‎17-01-2021

The router's Firewall blocks no outgoing comms; only unsolicited incoming access.

If you are really talking about WiFi Calling & not VoIP (which I think might be associated with ports 500 and 4500) then many users are using WiFi Calling successfully over all sorts of BB with routers in their un-reconfig'ed default settings.

One thing you could also try is to stop using any VPN, which might be also be using ports 500 and 4500.

@bristolian : Any thoughts on WiFi Calling?

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC => 2014: EE 20 Meg WBC => 2020: EE 40 Meg FTTC => 2022: EE 80 Meg FTTC (no landline number)

5J8 · ‎17-01-2021

Yep your right my router does not block outgoing ports, that's why I said my Firewall, I run a full Enterprise level firewall, this does block all ports and destinations unless you specifically add a rule to allow access.

I have an EE mobile and no coverage in my house, so as per EE's recommendation I have Wifi Calling turned on. If I turn on the wifi on the router and bypass the firewall, wifi calling works fine. This then means I will need multiple wifi networks in the house.

I don't have VPN turned on, as this causes disruption with certain video conferencing and connections to clients, who all insist on using their own VPN connections.

My original firewall hardware failed, but I use to have the EE IP addresses and Port numbers and it all worked fine. I have replaced the hardware and reinstalled the firewall but the config backup appears to be incompatible with the new version of the firewall so I have lost these settings.

The new firewall also allows me to bond my Mobile Broadband and Fibre broadband, to double the speed of my internet.

5J8 · ‎17-01-2021

Here is the solution :

Each Mobile company in each country has a dns name for wifi calling :

epdg.epc.mnc###.mcc###.pub.3gppnetwork.org

The United Kingdong is mcc 234 and the mnc designates the mobile phone company EE is 030, 031, 032, 033 and 034

You can look these numbers up at http://www.mcc-mnc.com/

for example:

epdg.epc.mnc030.mcc234.pub.3gppnetwork.org

by doing an nslookup on each of these addresses you can determine the ip addresses

nslookup epdg.epc.mnc030.mcc234.pub.3gppnetwork.org

nslookup epdg.epc.mnc031.mcc234.pub.3gppnetwork.org

nslookup epdg.epc.mnc030.mcc234.pub.3gppnetwork.org

You will find that EE only use 4 ip addresses :

109.249.190.48
109.249.180.0
109.249.186.72
109.249.188.56

The ports for Wifi calling are actually ALL UDP ports

udp/500,

udp/4500,

udp/5060-5061,

udp 40283-59999

So the firewall needs each of these destination ip addresses and UDP ports

XRaySpeX · ‎17-01-2021

To anyone else reading this solution: For the avoidance of any doubt, the OP's solution does not refer to any BB routers but only to his own proprietary firewall.

You do not need to change anything on your BB router, even if you are running something similar to the OP.

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC => 2014: EE 20 Meg WBC => 2020: EE 40 Meg FTTC => 2022: EE 80 Meg FTTC (no landline number)

5J8 · ‎17-01-2021

XRaySpeX makes a very good point, changing BB routers can cause issues.

For clarity :

BB Router (fftc) BB Mobile Router (Gigacube) <---- These routers are NOT changed

| |

Enterprise Firewall (Example Sophos/pfsense) <--- Route changes are done here

[WAN Connections are bonded]

|

LAN connection to Mesh Wifi routers ---> Wired Network Switch

DavidQuinn101 · ‎18-01-2022

You're a legend.

I work in SD-WAN, we can use IPs for our bi-directional QoS with the core router and the user's endpoint device to prioritise packets as and when they're requested.

After this comment, packets are being tagged when calls are established.

Thanks!

willt482 · ‎24-12-2022

Hi. I’m struggling to get Wi-Fi calling to work. I have a couple of questions you maybe able to help with.

my upload is 0.7 mb and download 7mb. Is that ok?

my response time in general is 80ms - again ok?

I can’t ping any of those IPs you listed. Should I be able to?

XRaySpeX · ‎24-12-2022

@willt482 : Welcome to EE's Home Broadband Forum.

Which BB package do you have from EE?

If you would like help with your BB speed or connection issues, please would you carry out the following steps for starters, which will enable us to diagnose the problem and advise you further. Do not restart your router to do these tests:

1. Post your full router stats:

For a BrightBox: login and go to Advanced Settings > System > DSL Status. Also post 'System Uptime' from top of System Log page.
For a SmartHub: login and go to Advanced Settings > Technical Log > Information. Obscure your names & any numbers in the BB Username & also the SSIDs.
For other routers: login to it according to the label on it as the admin user & navigate looking for its router/connection statistics.

Full router stats are key to any speed & connection issues.

2. Try a wired speedtest, using an Ethernet cable supplied with the router, here http://www.thinkbroadband.com/speedtest.html . Click on the "Results Page" button at the bottom of the graph you first see and then copy to here just the "Link to this result:" link that you see below the next main graph.

3. What does BT Wholesale Broadband Availability Checker estimate for your phone number? Post just the whole table and the line above it, blanking out your phone number. If it doesn't recognise your phone number or you don't have one, use the Address Checker, not the Postcode Checker.

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC => 2014: EE 20 Meg WBC => 2020: EE 40 Meg FTTC => 2022: EE 80 Meg FTTC (no landline number)