Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Asterisk IAX2 inbound traffic (SOLVED)

    Scheduled Pinned Locked Moved Firewalling
    5 Posts 2 Posters 11.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      franklovespfs
      last edited by

      I recently started to use pfsense and I have replaced my home router with it and figured out the port forwards for my asterisk 1.8 box so far so good . sip with the rtp ports for voice traffic is no problem. calls come in and I can make calls out.

      my problem is the iax2 connections from the outside world are unable to connect to me.

      they can get the ip address from my dyndns hostname but they just will not connect.

      I figure I would have more trouble with sip and the ports then IAX2

      I setup a nat rule and it created a rule in the firewall as a associated nat rule.

      so
      Protocol udp
      destination wan address (or should I have single host or alias )  and enter my local asterisk server lan ip??
      Destination port range from:4569    (do I need to enter to feild?)
      Redirect target IP (my internal ip address for asterisk)
      Redirect target port other 4569 (why am I asked this again?)
      NAT reflection system default ?

      do I need to creat a filter rule or is the one what ity has in the rules fine ?

      is there any info you need to give me a answer on what I am doing wrong?

      1 Reply Last reply Reply Quote 0
      • P
        pkwong
        last edited by

        You need to create a portforward rule to point to the iax device (asterisk).  Then open up 4569 as a rule and you're done.

        When all else fails, don't blame the machine.  Blame your architecture.

        1 Reply Last reply Reply Quote 0
        • F
          franklovespfs
          last edited by

          now I can swap out my pfsense computer with my regular router and everything connects and works as it should

          not sure if this helps but with awsterisk I get cli errors with pfsense in place

          [Apr 30 16:52:49] WARNING[5432]: acl.c:582 resolve_first: Unable to lookup 'dyndns hostname of a host here/extnumber'
                > doing dnsmgr_lookup for 'dyndns hostname of a host here/extnumber'
          [Apr 30 16:52:49] ERROR[5432]: netsock2.c:263 ast_sockaddr_resolve: getaddrinfo("dyndns hostname of a host here/extnumber", "(null)", …): Name or service not know

          1 Reply Last reply Reply Quote 0
          • F
            franklovespfs
            last edited by

            I have a port forward rule on NAT

            and just re-made a rule to send udp 4569 to my local pbx server
            Proto   Source   Port   Destination   Port
            UDP           *           *   10.0.0.208   4569

            I also just enabled http://doc.pfsense.org/index.php/Static_Port
            does not seem to help at all.

            urgh  I really like this pfsense shame to go back to the goodold router

            1 Reply Last reply Reply Quote 0
            • F
              franklovespfs
              last edited by

              ok here is the answer

              I setup a nat rule

              Interface  WAN
              Protocol UDP
              Destination WAN Address

              Destination port range
              from:  4569
              to: 4569

              Redirect target IP
              Enter the internal IP address of the server on which you want to map the ports.
              e.g. 192.168.1.12
              Redirect target port 4569
              NAT reflection enable
              save and apply
              did the trick for me

              everyone is so happy now lol

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.