It definitely works, from my experience in Site To Site and Road Warrior scenarios with OpenVPN and Asterisk, it works. Check if the phone in the remote site registers correctly with the PBX, you can sniff some traffic to get some impression. Last but not least check that everything is configured with the routing and that the required ports are accessible.

I am not sure if my question is something sounds stupid, but I seriously want to know, and I guess many of us have alike situation. Any so called expert could respond to my question?

Thank you!!!!!!!!!!!

Yeah it's running like a charm!

Marcus

I will post a guide on how i got this working for me

PPPoE for interface in port forwarding?  ???

Edit: Nope forget that!  ::)

So it sounds like you have a web server on your network which you want available internally and externally?  You're going to have to be a little bit more specific about your needs and machines that have special circumstances.

Port forwarding is fairly straight forward, but I'm not 100% sure if that's your issue or not.  Can you give us some more details?

That makes sense.  I knew that was how the firewall worked just forgot the source port needed to be *.  I must have changed that on accident when I was trying to forward another port which probably had the same problem!  Thanks!

Practical. The first - TTL checks - has been done by a number of ISPs for a few years now. Both the first 2 I've seen discussed for most of a decade now. Various tools like p0f exist which make this pretty trivial to do.

The last, browser fingerprints, is another thing I've seen done for years now, though it is harder to do than the above so relatively few will bother with it. It does provide a rich source of information about a network (or individual computer) for those willing to put the effort in (for instance as well as the operating system it will often tell you the patch level and what version of things like Acrobat, Flash, Shockwave, .NET etc are installed).

okay, thank you for that info…

I just found out, that my plan wont work :-(
My two pppoe lines have the same gateway...

Sooo...I have to put an extra pfSense instance between my 'original' pfSense and one of the pppoe modems.

How can I forward all the Incomming Traffic from this 'in-between' pfSense to my primary one?
(I don't want to have to do every forwarding on two places...)

My public IPs can change (dynamic), so 1:1 NAT won't work?

Is there any other way?

Thanks
Matthias

In case others search and find this thread, I did some up with a work-around.  If I change the outbound NAT to use static-port for all traffic (http://doc.pfsense.org/index.php/Static_Port) things start working.  I'm still not entirely clear why the outbound RTP packets need static-port since audio in that direction worked.  It must have something to do with the state created based on the target ip:port (which becomes the source ip:port for incoming audio).

I would be nice if miniupnpd created a static-port outbound nat rule in tandem with the inbound rdr.  That way static-port wouldn't need to be enabled globally.  Since the RTP traffic can be on any UDP port in the 16384-32768 range, I can't create a special rule just for it.

mike

Hi chpalmer,
great and many thx I'll try today.
inferenza

what is it you need to achieve/are trying to get your pfsense to do with the VIP's?

:)

Are you using 1:1 nat? or port forward?

Very interesting.  I moved to another IP and it worked like a charm…

Thanks for the help!

It should work fine with a port forward, though you may want to forward it to the LAN IP address instead of directly to another port on the WAN IP.

I should have mentioned in the newer version of Trixbox has
sip_general_custom.conf which is used for that info as far as i know
I have added it to SIP_NAT.conf did not make any difference

cheers

Ok, I was able to figure it out.  It looks like other people have tried this before, and were unable to get it to work due to the fact that FreeBSD doesn't allow directed broadcasts.  What you need to do is install the ShellCmd package and add a command to add at bootup for a static ARP entry for the machine you want to wake up.

The command is:

arp -s IP Address MAC Address

Then setup a UDP port forward for the WOL packet.  The destination IP should be the IP address of the machine you are waking up.  The destination port should be the port your WOL client uses.

Thanks to the following sources for helping me figure it out.  Hope this helps others.

http://www.neowin.net/forum/topic/966318-wake-on-lan-from-outside-network-remote-via-internet/
http://forum.pfsense.org/index.php?topic=31937.0
http://www.mail-archive.com/support@pfsense.com/msg07379.html