Issues with inbound SIP on 5080

chpalmer

What kind of switch do you utilize and have you rebooted it?

podilarius

Can you post screen shots of the NAT configuration? If you are using AON, please post that also.

mhotel

What kind of switch do you utilize and have you rebooted it?

Switch is a Cisco SG300-20 with no VLANs yet defined, and yes it has been rebooted. Straight cable between the Alix and the DSL modem.

I'll grab screenshots when I'm down there this afternoon.

thanks~

mhotel

Screenshots

![NAT page.png](/public/imported_attachments/1/NAT page.png)
![NAT page.png_thumb](/public/imported_attachments/1/NAT page.png_thumb)
![Outbound NAT.png](/public/imported_attachments/1/Outbound NAT.png)
![Outbound NAT.png_thumb](/public/imported_attachments/1/Outbound NAT.png_thumb)

podilarius

Can you edit the rule and post those screen shots? To be honest, I don't have a 1.2.3 installed any longer. Would it be possible to upgrade that to 2.0?

Supermule

Your int. port range is wrong. It should say 5060 instead of 5080.

Delete the rule and create again.

BUT…..I would use 5060 ext. range since this is the default SIP.

mhotel

Internal and external are both on 5080 by design. Not my preference, but sipXbridge currently requires it.

mhotel

@podilarius:

Can you edit the rule and post those screen shots?

edit-rule.png_thumb

chpalmer

Try filling in the "to" with 5080.

podilarius

On your advanced outbound, create a new rule above your default. Have it set so that it looks like:

Source:192.168.44.24
SPort: any
Destination: 66.241.X.Y
DPort: 5060
Translation: Interface Address
Static Port: yes

mhotel

Just tried that, no change in packet behavior.

Note that the outbound keepalives are making it through pfSense and back to the ITSP. It's the inbound 5080 that gets dropped.

podilarius

Is that traffic in response to the keep alives or are they calls or alerts from the ISP? Are you able to make calls? Do you have one way audio? Do you have keep states set on the default rule or the rule governing the traffic?
Does a traceroute complete from either location?

Do you have a range of IP addresses from your provider?

Also, do you have a spare machine you can load pfsense on for a quick load of you rules to see if that would work.

mhotel

Outbound calls go to a different proxy and are working fine.

The packets we are sending to 5060 are intended to keep a generic firewall open to inbound SIP invites on 5080.

Only one static IP from this provider, and the ITSP is sending to that address.

I'll look for another machine to try 2.01 on. The strange thing is that this was working when we first set it up, and stopped a couple of days later with no changes to pfSense.

podilarius

Could be hardware related or someone made an accidental change in the config.