DMZ troubleshooting

I am using a DDWRT router. I have a SIP phone system in the DMZ of the router. I can call out, but cannot receive calls. The packet capture on the SIP server, shows "error 404 - forbidden" when the number is called. To test, I went to a website that checks for open ports, and told it to check for the port I am using, on my WAN address. Port is reported closed. Being the port i am querying, is actually on a device behind the WAN address, and that port is not really being forwarded to the device, however the device is in the DMZ, is that the expected behavior? How to test, if that port can be reached from the outside.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jan SpringerCommented:
Are you not port forwarding from the outside to the IP on the DMZ for that/those ports?
GCITechAuthor Commented:
I am not forwarding any ports, as I thought if the device was in the DMZ, it was exposed to all ports. Is that not how it works?
Jan SpringerCommented:
No.  The DMZ is the zone that is less secure than than your internal zone but is inside your network.
Discover the Answer to Productive IT

Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.

Brian MurphyIT ArchitectCommented:
You have a split-DNS scenario.  SIP address is useless outside your internal DNS resolution.

You need something external that points to another IP. It can be your ISP IP for all I care, just make sure that forwards to the same SIP IP that you set internal?

Make sense?

Pretty straight forward.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jan SpringerCommented:
If the SIP server is external and is not from an internal domain, split-DNS is not the problem.

Either way, he needs to allow the SIP server to originate a connection to his phone by forwarding those ports to the IP in the DMZ.
GCITechAuthor Commented:
split dns settings are probably taken care of in NAT settings portion of the phone server, and that is why it resolved the issue. Thanks..
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.