Netgate Discussion Forum

    NAT 1:1 question

    12 Posts 2 Posters 5.5k Views
      Gob

      Hi
      If you don't have the subnet details for your public IPs, add them individually to Firewall | Virtual IPs with a /32 subnet.
      In Firewall | NAT | 1:1, create a rule for each public IP that needs 1:1 NAT; also specify a single internal IP and a /32 for the internal subnet.

      1:1 traffic also passes through the firewall filter so you will have to create firewall rules to allow traffic through.

      Hope this helps.
      Gordon

      If I fix one more thing than I break in a day, it's a good day!

        Gob

        PS…
        You may also find that you have to change the Outbound NAT to manual and select Static Port for your Asterisk to work with NAT.

        An alternative solution is to put a public IP directly on your asterisk box and hook it up to another interface on pfSense that is bridged to your WAN. That way there is no NAT involved (which Asterisk prefers) and the bridged interface still goes through the firewall filter so you can still block traffic.

        I have sites with both methods used for asterisk and both work!

        G

        If I fix one more thing than I break in a day, it's a good day!

          hollicor

          Hi gob!

          Thanks again for helping me.

          So first, you want me to add the public IPs individually as Virtual IPs, as Proxy ARP or as Other?
          Second, add them again in the NAT 1:1 under the Firewall tab.
          Third, create a LAN or WAN firewall rule manually that will allow the source IP to the destination IP, correct?

          Regarding your other alternative, we have 3 Asterisk servers here in the office, so should I add 3 more NICs to our pfSense box and connect them directly to the new NICs and bridge them all to the WAN interface?

          Thanks again Gob. Sorry if I'm such a hassle  ;D

            Gob

            No hassle at all.

            Yes, correct regarding the NATing.
            OR
            Add one bridged interface to pfSense. Plug that into a switch and plug your 3x Asterisk into that switch.
            Set the public IPs straight on the Asterisk boxes and configure their gateway to the IP of your Modem/Router.

            G.

            If I fix one more thing than I break in a day, it's a good day!

              hollicor

              Can I just bridge the current LAN interface since it's already connected to a switch that is connected to the 3x Asterisk and all other switches in our network? Thanks Gob!

                hollicor

                Gob,

                I'm trying to add the rules right now and I'm a bit confused.

                I'm currently in Firewall | Rules | WAN

                Should I type in the Public IPs in the source field and the internal IP address at the destination field? Thanks!

                  Gob

                  If all you have on your LAN are devices with public IPs then you could bridge your LAN. However, if you also have regular computers that need NAT then it won't work. You'll need a separate interface from your LAN.
                  I will have to check the rules on one of my pfSense boxes when I get to the office later.

                  If I fix one more thing than I break in a day, it's a good day!

                    Gob

                    For 1:1 NAT rules, the source on the WAN tab is 'Any' if you want it open to the whole internet, whilst the destination is the internal IP.

                    If using the bridged interface option, the destination is the public IP on the Asterisk.

                    If I fix one more thing than I break in a day, it's a good day!
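
The rules discussed in the posts above, written out in pf syntax (the packet filter pfSense is built on) as an added example that is not from either poster. The interface name, all addresses and the SIP/RTP ports (5060 and 10000-20000, the Asterisk defaults) are assumptions; the source is narrowed to a trunk provider here, and `any` in its place gives the open-to-the-internet case.

```pf
# Added illustration only: every name and address below is a constructed placeholder.
wan_if    = "em0"              # hypothetical WAN interface
lan_net   = "192.168.1.0/24"   # hypothetical LAN behind NAT
pbx_int   = "192.168.1.10"     # internal IP of one Asterisk box
pbx_pub   = "203.0.113.10"     # its public IP (added as a /32 Virtual IP)
sip_peers = "{ 192.0.2.50 }"   # SIP trunk provider allowed to reach the PBX

# 1:1 NAT: one binat rule per public/internal pair, a single host on each side.
binat on $wan_if from $pbx_int to any -> $pbx_pub

# Manual outbound NAT with static-port for the rest of the LAN,
# so source ports are not rewritten on the way out.
nat on $wan_if from $lan_net to any -> ($wan_if) static-port

# Filtering still applies to 1:1 traffic. Translation happens before the
# filter rules are evaluated, so the WAN rule's destination is the
# INTERNAL address, not the public one.
pass in on $wan_if proto udp from $sip_peers to $pbx_int port 5060
pass in on $wan_if proto udp from $sip_peers to $pbx_int port 10000:20000

# Bridged alternative (no NAT, public IP configured on the PBX itself):
# the destination is then the public address.
# pass in on $wan_if proto udp from $sip_peers to $pbx_pub port 5060
```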

                      hollicor

                      Okay Gob! Will try to do that and give you feedback.

                      ps

                      Where can I find the port that asterisk uses again? astGui.conf?

                      Thanks!

                        Gob

                        Asterisk uses lots of ports depending on how it is configured and what kind of trunks you are using.
                        I use the Trixbox distro of Asterisk so can't really comment on your setup.
                        That's one for the Asterisk forums I'm afraid.

                        If I fix one more thing than I break in a day, it's a good day!

                          hollicor

                          We're using Vicidial.

                          I'll try to check with their forum. Thanks man!

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.