Netgate Discussion Forum

    PfSense IAX trixbox

      danswartz

      Okay, thanks. Does anything show up in the pfsense log when this is happening? If you do a packet capture on the pfsense LAN, do you see anything?

        northflux2

        Hi,

        No, nothing in the logs.

        I've just done two capture runs whilst trying to dial in. One on the WAN and one on the LAN:

        WAN Packet capture

        18:44:38.362921 00:24:b2:3d:d8:f2 > 00:1a:92:29:2e:5a, ethertype ARP (0x0806), length 60: arp who-has XX.155.38.205 tell XX.155.38.193
        18:44:38.362953 00:17:3f:9b:dd:25 > 00:24:b2:3d:d8:f2, ethertype ARP (0x0806), length 42: arp reply XX.155.38.205 is-at 00:17:3f:9b:dd:25
        18:44:38.363038 00:1a:92:29:2e:5a > 00:24:b2:3d:d8:f2, ethertype ARP (0x0806), length 60: arp reply XX.155.38.205 is-at 00:1a:92:29:2e:5a

        LAN Packet capture

        18:45:53.097058 00:1a:92:29:2e:5a > 00:24:b2:3d:d8:f2, ethertype IPv4 (0x0800), length 60: (tos 0xb8, ttl 64, id 57558, offset 0, flags [none], proto UDP (17), length 40) XX.155.38.205.4569 > externalVOIPProviderIP.4569: [udp sum ok] UDP, length 12
        18:45:54.099425 00:1a:92:29:2e:5a > 00:24:b2:3d:d8:f2, ethertype IPv4 (0x0800), length 60: (tos 0xb8, ttl 64, id 57559, offset 0, flags [none], proto UDP (17), length 40) XX.155.38.205.4569 > externalVOIPProviderIP.4569: [udp sum ok] UDP, length 12
        18:45:58.096821 00:1a:92:29:2e:5a > 00:24:b2:3d:d8:f2, ethertype ARP (0x0806), length 60: arp who-has XX.155.38.193 tell XX.155.38.205
        18:45:58.097115 00:24:b2:3d:d8:f2 > 00:1a:92:29:2e:5a, ethertype ARP (0x0806), length 60: arp reply XX.155.38.193 is-at 00:24:b2:3d:d8:f2
        18:46:04.926321 00:24:b2:3d:d8:f2 > 00:1a:92:29:2e:5a, ethertype ARP (0x0806), length 60: arp who-has XX.155.38.205 tell XX.155.38.193
        18:46:04.926415 00:1a:92:29:2e:5a > 00:24:b2:3d:d8:f2, ethertype ARP (0x0806), length 60: arp reply XX.155.38.205 is-at 00:1a:92:29:2e:5a

        Does that help?

          danswartz

          Is this a transparent bridge setup?  I am seeing something weird.  They are ARP'ing for your trixbox, and two replies are being sent back, for two different MAC addresses.  ????

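The duplicate-reply symptom noted in the post above can be checked mechanically. This is an added example, not part of the original thread: it reads tcpdump text output (with or without `-e`) and reports any IP whose ARP replies name more than one MAC. The function names and the `owners` map are assumptions; the sample lines are copied from the captures posted in this thread.

```python
import re
from collections import defaultdict

# tcpdump ARP reply, with or without the -e link-level header.
ARP_REPLY = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:(?P<src>[0-9a-f:]{17}) > [0-9a-f:]{17}, .*?: )?"
    r"arp reply (?P<ip>\S+) is-at (?P<mac>[0-9a-f:]{17})\s*$",
    re.IGNORECASE,
)

def arp_claims(lines):
    """Map each IP to {claimed MAC: [timestamps]} from ARP reply lines."""
    claims = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = ARP_REPLY.match(line.strip())
        if m:  # who-has requests and non-ARP lines are skipped
            claims[m["ip"]][m["mac"].lower()].append(m["ts"])
    return claims

def find_conflicts(lines, owners=None):
    """Return {ip: [suspect MACs]}.

    Without `owners`, an IP answered by more than one MAC is reported with
    all of its MACs. With `owners` ({ip: expected MAC}, an assumed inventory),
    only the MACs that are not the expected owner are reported.
    """
    owners = {ip: mac.lower() for ip, mac in (owners or {}).items()}
    report = {}
    for ip, macs in arp_claims(lines).items():
        expected = owners.get(ip)
        suspects = sorted(m for m in macs if m != expected)
        if len(macs) > 1 or (expected and suspects):
            report[ip] = suspects
    return report

# WAN capture from the thread while the NAT rule was still in place.
BEFORE = """\
18:44:38.362921 00:24:b2:3d:d8:f2 > 00:1a:92:29:2e:5a, ethertype ARP (0x0806), length 60: arp who-has XX.155.38.205 tell XX.155.38.193
18:44:38.362953 00:17:3f:9b:dd:25 > 00:24:b2:3d:d8:f2, ethertype ARP (0x0806), length 42: arp reply XX.155.38.205 is-at 00:17:3f:9b:dd:25
18:44:38.363038 00:1a:92:29:2e:5a > 00:24:b2:3d:d8:f2, ethertype ARP (0x0806), length 60: arp reply XX.155.38.205 is-at 00:1a:92:29:2e:5a
""".splitlines()

# Capture from the thread after the NAT rule was removed.
AFTER = """\
19:22:46.583484 arp who-has XX.155.38.205 tell XX.155.38.193
19:22:46.583855 arp reply XX.155.38.205 is-at 00:1a:92:29:2e:5a
""".splitlines()

# Expected owner: the trixbox eth0 address posted in the thread.
OWNERS = {"XX.155.38.205": "00:1A:92:29:2E:5A"}
```

With `OWNERS` supplied, the first capture singles out 00:17:3f:9b:dd:25, which the ifconfig output later in the thread shows to be the firewall's own re0 interface.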
            northflux2

            Hi,

            This is the trace when pf filtering is disabled and it works:

            WAN Packet capture

            18:54:13.801050 00:24:b2:3d:d8:f2 > 00:17:3f:9b:dd:25, ethertype IPv4 (0x0800), length 151: (tos 0x0, ttl 58, id 47889, offset 0, flags [none], proto UDP (17), length 137) externalVOIPProviderIP.4569 > XX.155.38.205.4569: [udp sum ok] UDP, length 109
            18:54:13.802783 00:1a:92:29:2e:5a > 00:24:b2:3d:d8:f2, ethertype IPv4 (0x0800), length 60: (tos 0xb8, ttl 64, id 57608, offset 0, flags [none], proto UDP (17), length 46) XX.155.38.205.4569 > externalVOIPProviderIP.4569: [udp sum ok] UDP, length 18
            18:54:13.817037 00:24:b2:3d:d8:f2 > 00:17:3f:9b:dd:25, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 58, id 47890, offset 0, flags [none], proto UDP (17), length 40) externalVOIPProviderIP.4569 > XX.155.38.205.4569: [udp sum ok] UDP, length 12
            18:54:14.025257 00:1a:92:29:2e:5a > 00:24:b2:3d:d8:f2, ethertype IPv4 (0x0800), length 60: (tos 0xb8, ttl 64, id 57609, offset 0, flags [none], proto UDP (17), length 40) XX.155.38.205.4569 > externalVOIPProviderIP.4569: [udp sum ok] UDP, length 12
            18:54:14.039055 00:24:b2:3d:d8:f2 > 00:17:3f:9b:dd:25, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 58, id 47891, offset 0, flags [none], proto UDP (17), length 40) externalVOIPProviderIP.4569 > XX.155.38.205.4569: [udp sum ok] UDP, length 12
            18:54:15.211999 00:1a:92:29:2e:5a > 00:24:b2:3d:d8:f2, ethertype IPv4 (0x0800), length 60: (tos 0xb8, ttl 64, id 57610, offset 0, flags [none], proto UDP (17), length 40) XX.155.38.205.4569 > externalVOIPProviderIP.4569: [udp sum ok] UDP, length 12
            18:54:15.225562 00:24:b2:3d:d8:f2 > 00:17:3f:9b:dd:25, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 58, id 47892, offset 0, flags [none], proto UDP (17), length 40) externalVOIPProviderIP.4569 > XX.155.38.205.4569: [udp sum ok] UDP, length 12

            LAN Packet capture

            18:54:53.213152 00:1a:92:29:2e:5a > 00:24:b2:3d:d8:f2, ethertype IPv4 (0x0800), length 60: (tos 0xb8, ttl 64, id 57612, offset 0, flags [none], proto UDP (17), length 40) XX.155.38.205.4569 > externalVOIPProviderIP.4569: [udp sum ok] UDP, length 12
            18:54:53.229437 00:17:3f:9c:24:fc > 00:1a:92:29:2e:5a, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 57, id 47894, offset 0, flags [none], proto UDP (17), length 40) externalVOIPProviderIP.4569 > XX.155.38.205.4569: [udp sum ok] UDP, length 12
            18:54:53.229626 00:1a:92:29:2e:5a > 00:24:b2:3d:d8:f2, ethertype IPv4 (0x0800), length 60: (tos 0xb8, ttl 64, id 57613, offset 0, flags [none], proto UDP (17), length 40) XX.155.38.205.4569 > externalVOIPProviderIP.4569: [udp sum ok] UDP, length 12
            18:54:54.353898 00:17:3f:9c:24:fc > 00:1a:92:29:2e:5a, ethertype IPv4 (0x0800), length 151: (tos 0x0, ttl 57, id 47895, offset 0, flags [none], proto UDP (17), length 137) externalVOIPProviderIP.4569 > XX.155.38.205.4569: [udp sum ok] UDP, length 109
            18:54:54.355513 00:1a:92:29:2e:5a > 00:24:b2:3d:d8:f2, ethertype IPv4 (0x0800), length 60: (tos 0xb8, ttl 64, id 57614, offset 0, flags [none], proto UDP (17), length 46) XX.155.38.205.4569 > externalVOIPProviderIP.4569: [udp sum ok] UDP, length 18
            18:54:54.369374 00:17:3f:9c:24:fc > 00:1a:92:29:2e:5a, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 57, id 47896, offset 0, flags [none], proto UDP (17), length 40) externalVOIPProviderIP.4569 > XX.155.38.205.4569: [udp sum ok] UDP, length 12

            How can I check the transparent bridge? Sorry if this is a stupid question!

              northflux2

              If you mean is the LAN interface bridged with the WAN, then yes.

                danswartz

                Yes, that is what I meant. Can you post the MAC addresses of the two pfsense NICs as well as the trixbox NIC?

                  northflux2

                  trixbox:

                  eth0      Link encap:Ethernet  HWaddr 00:1A:92:29:2E:5A

                  pfsense:

                  re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
                  options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
                  ether 00:17:3f:9b:dd:25

                  re1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
                  options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
                  ether 00:17:3f:9c:24:fc

                  bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                  ether 0e:67:bb:99:2b:ab

                    danswartz

                    This is weird. It's like the pfsense is doing some kind of proxy ARP. What does your config look like?

                      northflux2

                      I've just removed the NAT rule, which I mistakenly thought you wanted me to put in last night:

                      19:22:46.583484 arp who-has XX.155.38.205 tell XX.155.38.193
                      19:22:46.583855 arp reply XX.155.38.205 is-at 00:1a:92:29:2e:5a

                      Now it's only replying with the one MAC, much more sensible.

                      What do you mean by "config look like"? Firewall?

                        danswartz

                        Yeah, sorry, that was when I thought it was a NAT setup. I assume it still does not work? If so, it might be good to reboot the pfsense just to make sure everything is clean.

                          northflux2

                          Hi,

                          Sorry, had to go away for a few days. I've rebooted the pf box and yes - unfortunately exactly still the same problem.

                            danswartz

                            Can you take another packet trace?

                              northflux2

                              Thanks for all your help.

                              Finally got it.

                              In case this causes anyone else a problem:

                              FW --> NAT --> Outbound --> Manual Outbound NAT rule generation

                              And I should have.

                              Deleted the existing default rule.

                              Thanks again.

                                kartook

                                ;D Thanks, I am here for the same kind of problem. Got a solution through this.

                                Thanks Team
                                K~

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.