AT&T uVerse blocking SIP?

Has anyone seen issues where a end user on uVerse trying to connect to
either another provider or AT&T non uVerse (in this case DIA) is having SIP
blocked? SIP leaving the uVerse network going to another uVerse DSL account
is fine, but it appears soon as it leave the uVerse network all SIP traffic
is blocked?

It appears others have seen this problem, some say it's a modem issue, some
say they are truly blocking it. Ive yet to call uVerse support yet as im
guessing ill get no where.

Thanks for any insight on this.

Yes. If you move to another port, e.g.: 5061 it works fine.

If you’re running on a Linux based system, you can do this:

/sbin/iptables -A PREROUTING -t nat -i eth1 -p udp --dport 5061 -j REDIRECT --to-port 5060

on the host to remap 5061 -> 5060 with no application change.

- Jared

I think this is due to the CPE using a particular ALG ... (from
recollection having never been a UVerse customer, but having sat
through a long, long, long set of discussions about the
merits/demerits of sip blocking)

They are saying this CPE has no ALG in it, but they can enable DMZ, which
acourse made zero difference.

What I do find funny is they escalated the problem to Tier-2 and wanted to
enroll the customer in premium tech support for $15 a month, because the
Internet signal is strong and is not causing the problem, sigh.

Back to trying port 5061 it appears!

I’ve never gotten AT&T to respond to issues, including the fact the device eats the SIP packets, and some types of SIP packets can actually cause their device to reboot as well.

It’s been a few years now since I really chased this down, but beware all of these ‘helpers’, including the Cisco SIP-ALG are broken. It’s more damage introduced by these CPE devices (like broken DNS proxies, etc).

- Jared

I agree. I always leave ALGs off, its just 10x harder when the support
asked what SIP was and then told me it's not a common protocol since it's
not in his magic book :slight_smile:

I used to have AT&T U-verse a couple of years back.

Never had any issues with SIP.

Although I've stopped using their modem prior to starting to use SIP,
directly connecting my own router to their ONT, so, I cannot comment
on whether their 2Wire PoS is the cause of the issues you experience
(but it's indeed quite likely so).

It's worth checking with your customer whether they can throw away
their modem, too. The modem has two ports -- green-coloured PHONE
LINE and red-coloured BROADBAND. If they get their connection through
the green PHONE LINE port, it means it's DSL. If it's through the red
BROADBAND port, it means no modem is required (other than every couple
of months or years for some weird port authentication that they
require), and can swap their at&t PoS with any other router.


In most cases the above has worked fine (we also use a 15060 -> 5060
remap), but I have one user for whom nothing seems to work. The problem
has persisted with different models of CPE, different phones, different
server-side ports (5060, 5061, 15060). They even moved and the problem
followed them to a new house (albeit in the same area). I was never able
to work out the issue and have been assuming it's a regional problem in
Uverse (in this case it was near Austin, TX).

IIRC, the user ended up switching to cable.