It’s a few months ago that I fell in love with Voice Over IP and IP phones.
My old but solid Polycom 301 phone does not have a “Keep NAT Alive” option like
regular ones do and after some time it seems like my router’s NAT blocks ports.
Phone rings or calls but no voice either way, just air. Then I need to restart
the phone to punch another hole in the NAT for awhile. I was wondering if
putting my Polycom 301 IP (I made it static then it does not change by each
restart) in the routers DMZ can eliminate this problem and keep all the ports
open for it forever. I know that you may have security issues but as much it is
only about a phone and not my whole home network, I don’t care. They can hack
the phone and I can reconfigure it again. There’s no credit on my VOIP
In this excerpt from
Answercast #66, I look at the possibilities of using a router’s DMZ to allow
outbound VOIP calls through.
Become a Patron of Ask Leo! and go ad-free!
Setting up VOIP phone
Actually I think that’s a pretty interesting and innovative solution to the
To clarify for folks who are reading or listening to this, DMZ is an acronym
for, “Demilitarized Zone.” So, normally what happens on a NAT router is any
unrequested, or unexpected, outside connection is blocked by the router. So if
a server tries to connect to a computer in your home, and there’s a NAT router
in the way, it can’t get through. The NAT router stops it cold from being able
to get to any of the machines on your side of the network.
That’s why I keep calling it such a great firewall because it prevents
random access from outside agents. If you actually establish a connection
from the computer to the server, then the connection can
occur, because it was started by someone on your side of the router.
The DMZ is essentially an exception to that rule. What the DMZ is… is the
router allows you to specify an IP address of a computer on your local
Your local network might be 192.168.0.1 through 25. You may have 25
different computers and they all have these 192.168 addresses. You can then
assign, manually, an IP address. Maybe you’ll do 192.168.0.254 so it’s not
something that’s gonna ever really, reasonably, be approached by all the
machines on your side of the network.
You can configure your device (in this case, the phone) to respond to
only that IP address. You’re basically giving it a static IP address
“Stop blocking outside connections”
In the router… you then configure the router by saying, “You know what?
All these connections, these connection attempts that you’ve been blocking? The
unrequested, unsolicited connection attempts that you’ve been blocking…
don’t. Instead, send them over to this IP address: 192.168.0.254 – whatever
device is there, it will handle it, or it will know not to.”
In a case like this when you’ve got Voice over IP, it’s actually not that
uncommon for some protocols to want to initiate a call from outside of your
network. If someone using Voice over IP is somewhere else and tries to call
you, that, by definition, may be an outside server trying to initiate a contact
through your router: from the internet to the inside.
Rather than blocking it, we send it to the DMZ, or whatever’s configured for
So, I think it’s a fairly innovative solution. I like it.
Like you said, the only real concern is that, you know, maybe someone could
hack your phone, but you can reconfigure it. It depends on how smart the phone
is, I suppose.
I actually don’t see many downsides. The only downside I can think of (and
it’s a pretty small one) is if you ever actually, later, needed the DMZ for
something else. In reality, as many years as I’ve been doing this, I’ve never
once used a DMZ. I actually have no reason to propose it as a solution for
anyone’s problem – other than in a case like this where you’ve got a specific
IP based device that wants to be able to receive outbound or incoming
connections from the outside.
So, I say, “Go for it!” I say it’s a pretty good solution. I don’t really
see a downside.
Next from Answercast 66-
Shockwave keeps crashing, what can I do to fix it?