VoIP SIP telephone, static-route.
-
I'm using the PFsense 1.0 BETA 1.
Is it possible to enable the pf "static-port" option in the NAT-rule?
This is needed to get a VoIP SIP telephone working.
as for now the outgoing port is translated and confuses the SIP-server.
I need it to be like. for example..
ip_phone:3300 -> NAT_router:3300 -> server:port
and not
ip_phone:3300 -> NAT_router:dynamicport -> server:port
When using PF under freeBSD/OpenBSD I just added "static-port" to the NAT rule to get it working.
But I don't find that option anywhere in PFSense. -
As mentioned in a few other posts on the same/similar topic you can download the latest snapshot here:
http://www.pfsense.org/~sullrich/?M=D (These aren't officially supported, thus not announced on the forum or website.)
Or you could download the Developers Edition and compile your own. Here: http://wiki.pfsense.com/wikka.php?wakka=VMWareDevelopersEdition
It has the static port option in the Advanced Outbound NAT which should handle what you're looking for!
-
Thank you!
That solved the problem.
Just had a few issues to solve to get the upgrade to work because i've installed on a CF-card and changed the platform to wrap and that platform wasn't upgradable from the image files.
I changed the platform back to pfSense, upgraded. And then back to wrap again, it seemed like the config-file was corrupted.I did a reset and reentered all the settings (I never did a config backup before upgrading. my fault).
And now it seems to work perfectly :)
-
I run pfsense and have VoIP from Tele2 and i live in sweden. I run the lastes testbeta, but i cant get my VoIP to work i have applayed advanced outbound NAT and open all the ports that it need under nat - > port forwing do i need to do anymore stuf before it works? or i´m scruewd ?
pleas need help i realy like pfsense and whant to run it
before i did run IPCop and the all stuf did work
-
Ive got the same problem as Gronis, same VoIP provider and the same pfSense version.
Ive tried the static route option but that didnt solve the problem, the connection nerver get "established" instead it only get to "SINGLE:NO_TRAFFIC". :o
The static portmapping works but some how the SIP box wont full fill the connection to the server (or the other way around). The VoIP provider have given me all the ports that I need to open and Ive configuerd them in pfS, and I know that they are correct beacuse I use similary forward rules on my Linux box.
Some help on this topic would be verry appreciated! -
OK, I got it working.. dunno how but it works! ;D
I have static routes enabled, odd beacuse I had the same config yeasterday but it wouldnt work.BTW, tnx for a great firewall!
-
OK, I got it working.. dunno how but it works! ;D
I have static routes enabled, odd beacuse I had the same config yeasterday but it wouldnt work.BTW, tnx for a great firewall!
Hey!
Could i see what your static route looks like? -
how do i setup staticroute for my voip-phone (tele2) ? ,i have NAT rules UDP 5060-5061 and UDP 10000-10007,
and i cant still get it to work. (according to tele2support thats all i need). -
Advanced outbound NAT.
This has been covered umpteen times here in the forum.
-
And to stop the confusion, you need a static port, not a static route.
-
i've spend lots of time to figure how to get it to work. only progress is still that i managed to call from my voipphone to
my mobile and it was only one directioncall .. :-\i've advanced outbound NAT and static port activated for the ports.
states show:
Proto Source -> Router -> Destination State
udp 192.168.0.244:3478 -> 83.233.97.165:51987 -> 130.244.125.91:3478 MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:59853 -> 130.244.125.91:3478 MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:5060 -> 130.244.125.91:5060 SINGLE:NO_TRAFFIC
udp 130.244.125.91:3478 <- 192.168.0.244:3478 MULTIPLE:MULTIPLE
udp 130.244.125.91:3478 <- 192.168.0.244:5060 MULTIPLE:MULTIPLE
udp 130.244.125.91:5060 <- 192.168.0.244:5060 NO_TRAFFIC:SINGLE192.168.0.244 is my voip.
Firewall: NAT: Outbound shows:
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description
WAN 192.168.0.0/24 5060 192.168.0.244/32 5060 * *
YES
tele2
[edit mapping]
[add a new nat based on this one]
WAN 192.168.0.0/24 5061 192.168.0.244/32 5061 * *
YES
tele2
[edit mapping]
[add a new nat based on this one]
WAN 192.168.0.0/24 3478 192.168.0.244/32 3478 * *
YES
tele2
[edit mapping]
[add a new nat based on this one]
WAN 192.168.0.0/24 3479 192.168.0.244/32 3479 * *
YES
tele2
[edit mapping]
[add a new nat based on this one]
WAN 192.168.0.0/24 10000 192.168.0.244/32 10000 * *
YES
tele2
[edit mapping]
[add a new nat based on this one]
WAN 192.168.0.0/24 10001 192.168.0.244/32 10001 * *
YES
tele2
[edit mapping]
[add a new nat based on this one]
WAN 192.168.0.0/24 10002 192.168.0.244/32 10002 * *
YES
tele2
[edit mapping]
[add a new nat based on this one]
WAN 192.168.0.0/24 10003 192.168.0.244/32 10003 * *
YES
tele2
[edit mapping]
[add a new nat based on this one]
WAN 192.168.0.0/24 10005 192.168.0.244/32 10005 * *
YES
tele2
[edit mapping]
[add a new nat based on this one]
WAN 192.168.0.0/24 10006 192.168.0.244/32 10006 * *
YES
tele2
[edit mapping]
[add a new nat based on this one]
WAN 192.168.0.0/24 10007 192.168.0.244/32 10007 * *
YES
tele2and i do not have any rules on "Firewall: NAT: Port Forward" for the phone,exept rules for dc++ and games
that i play online that works exelent!! -
As you can see from the state table your static port doesn't work:
Proto Source -> Router -> Destination State
udp 192.168.0.244:3478 -> 83.233.97.165:51987 -> 130.244.125.91:3478 MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:59853 -> 130.244.125.91:3478 MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:5060 -> 130.244.125.91:5060 SINGLE:NO_TRAFFICJust create a single rule on top of your advanced outbound NAT rules for source IP-phone, destination any, static port. Save and apply. After that reset states at diagnostics>ststes, reset states to make the phone recreate the states with the static port.
-
thanx for fast reply ,almost there.. :o
the phone still doesnt work but the states looks better ,heh ..udp 192.168.0.244:3478 -> 83.233.97.165:3478 -> 130.244.125.91:3478 MULTIPLE:MULTIPLE
udp 192.168.0.244:5060 -> 83.233.97.165:5060 -> 130.244.125.91:5060 SINGLE:NO_TRAFFIC
udp 192.168.0.244:3478 -> 130.244.125.130:3479 SINGLE:NO_TRAFFIC
udp 130.244.125.91:3478 <- 192.168.0.244:3478 MULTIPLE:MULTIPLE
udp 130.244.125.91:5060 <- 192.168.0.244:5060 NO_TRAFFIC:SINGLE
udp 130.244.125.130:3479 <- 192.168.0.244:3478 NO_TRAFFIC:SINGLEanyone with tele2/sweden who can post some info? , i dont want to go back to my zyxelrouter ,due
the autonegationproblem i have with my ISP (bb2 100mbit full duplex) ,when i only get worthless speed. :'( -
Which direction does not work? incoming or outgoing?
-
outgoing works occasionally .. incoming never ..
i read somwere that 1:1 nat could help ?!? or upnp ??
-i'm thinking of to get another nic and run with a raisercard a dmz or something like that,
is that possible to get it run easier? (currently i have via-miniitx nehemiah mobo) +hp procurve switch -
static port does something similiar to 1:1 nat (at least when it comes to the natting). Does your phone use STUN and does your provider support it? SIP providers handle things very different. Some use STUN, some use a proxy at their end that rewrites ports/IPs to the IPs that the server sees and not the info that is inside the voip packages, others don't use any of these mechanisms which can lead to serious problems behind NATs. SIP and NAT are not good friends in general.
-
:D ,yes.. it works now ,i dont know really how ,but i installed miniupnpd package.
thx for all , pfsense roxx . -
Dose this work now? I going to trye PF agin i fhink but i need to now that the tele2 voip works.
-
yes ,tele2 works. =D