Traffic blocked despite allow rule - how to dig deeper?
-
Hi Everyone,
I have a problem with NAT/Firewall which blocks an IP that it shouldn't. I have set the rules to ALLOW as follows through NAT/Firewall:
NAT:
Interface  Proto  Source           Src ports      Destination  Dst ports   NAT IP       NAT ports   Description
WAN        UDP    209.209.209.209  *              22.22.22.22  5060 (SIP)  192.168.0.5  5060 (SIP)  SIP-Server-SIP
WAN        UDP    209.209.209.209  10000 - 20000  22.22.22.22  5060 (SIP)  192.168.0.5  10000       SIP-Server-RTP
Firewall:
Proto  Source           Port           Destination  Port        Gateway  Queue  Description
UDP    209.209.209.209  *              192.168.0.5  5060 (SIP)  *        none   NAT SIP-Server-SIP
UDP    209.209.209.209  10000 - 20000  192.168.0.5  10000       *        none   NAT SIP-Server-RTP
System Logs > Firewall Logs:
Aug 4 17:34:22  WAN  209.209.209.209:10648  22.22.22.22:12706  UDP
Aug 4 17:34:22  WAN  209.209.209.209:15418  22.22.22.22:11802  UDP
Why is that happening? As you can see above, I have allowed SIP UDP 5060 and the RTP UDP port range 10000-20000 to be NATed to 192.168.0.5, and the firewall rule shows it open as well. But then the firewall log shows ports 12706 and 11802 blocked. Those ports fall within 10000-20000. Why are they blocked? How can I dig deeper?
Legend:
SIP-Server LAN IP = 192.168.0.5
SIP-Server Public IP Address (Set as Virtual IP in pfSense): 22.22.22.22
VoIP Service Provider Public IP: 209.209.209.209

Much appreciated,
-
My issue was in the NAT of the port range:

Interface  Proto  Source           Src ports      Destination  Dst ports      NAT IP       NAT ports      Description
WAN        UDP    209.209.209.209  10000 - 20000  22.22.22.22  10000 - 20000  192.168.0.5  10000 - 20000  SIP-Server-RTP

Lesson learned: don't rely on the "from" port only. Add both "from" and "to".
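To make the failure visible, here is a small model of port-forward matching run over the two blocked log lines from the question. This is an added example, not the poster's configuration nor pfSense code: it assumes first-match-wins, that every non-wildcard field must match, and that a single NAT target port is the start of a range that tracks the destination range (a simplification of real pf(4) behaviour). The rule sets ORIGINAL_RULES and FIXED_RULES transcribe the tables above; the log lines are the ones quoted in the post.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

PortRange = Tuple[int, int]  # inclusive (low, high)


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class PortForward:
    """One WAN port-forward row. None in src_ip/src_ports stands for '*' (any)."""
    name: str
    proto: str
    src_ip: Optional[str]
    src_ports: Optional[PortRange]
    dst_ip: str
    dst_ports: PortRange
    nat_ip: str
    nat_port_start: int  # assumption: the NAT range is dst_ports shifted to start here

    def matches(self, p: Packet) -> bool:
        return (
            p.proto == self.proto
            and (self.src_ip is None or p.src_ip == self.src_ip)
            and (self.src_ports is None or self.src_ports[0] <= p.src_port <= self.src_ports[1])
            and p.dst_ip == self.dst_ip
            and self.dst_ports[0] <= p.dst_port <= self.dst_ports[1]
        )

    def translate(self, p: Packet) -> Packet:
        """Rewrite the destination to the LAN host, keeping the offset into the range."""
        offset = p.dst_port - self.dst_ports[0]
        return Packet(p.proto, p.src_ip, p.src_port, self.nat_ip, self.nat_port_start + offset)


def parse_log_line(line: str) -> Packet:
    """Parse a pfSense-style line 'Aug 4 17:34:22 WAN 1.2.3.4:10648 5.6.7.8:12706 UDP'."""
    fields = line.split()
    src, dst, proto = fields[-3], fields[-2], fields[-1]
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return Packet(proto, src_ip, int(src_port), dst_ip, int(dst_port))


def first_match(rules: List[PortForward], p: Packet) -> Optional[PortForward]:
    for rule in rules:
        if rule.matches(p):
            return rule
    return None


def evaluate(rules: List[PortForward], lines: List[str]) -> List[Tuple[str, Optional[Packet]]]:
    """Return (rule name or 'BLOCKED', translated packet or None) for each log line."""
    out = []
    for line in lines:
        p = parse_log_line(line)
        rule = first_match(rules, p)
        out.append((rule.name, rule.translate(p)) if rule else ("BLOCKED", None))
    return out


PROVIDER, VIP, SIP_SERVER = "209.209.209.209", "22.22.22.22", "192.168.0.5"

# Rules as first posted: the RTP row keys on the provider's *source* ports
# and still only forwards destination port 5060.
ORIGINAL_RULES = [
    PortForward("SIP-Server-SIP", "UDP", PROVIDER, None, VIP, (5060, 5060), SIP_SERVER, 5060),
    PortForward("SIP-Server-RTP", "UDP", PROVIDER, (10000, 20000), VIP, (5060, 5060), SIP_SERVER, 10000),
]

# Rules after the fix: the 10000-20000 range is now also on the destination ports.
FIXED_RULES = [
    PortForward("SIP-Server-SIP", "UDP", PROVIDER, None, VIP, (5060, 5060), SIP_SERVER, 5060),
    PortForward("SIP-Server-RTP", "UDP", PROVIDER, (10000, 20000), VIP, (10000, 20000), SIP_SERVER, 10000),
]

# The two blocked entries quoted from the firewall log in the question.
LOG_LINES = [
    "Aug 4 17:34:22 WAN 209.209.209.209:10648 22.22.22.22:12706 UDP",
    "Aug 4 17:34:22 WAN 209.209.209.209:15418 22.22.22.22:11802 UDP",
]

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL_RULES), ("fixed", FIXED_RULES)):
        for line, (name, translated) in zip(LOG_LINES, evaluate(rules, LOG_LINES)):
            print(f"{label:8} {line.split()[-3]:>22} -> {line.split()[-2]:<18} {name} {translated or ''}")
```

Under ORIGINAL_RULES both packets come back BLOCKED: their source ports sit in 10000-20000, but the RTP row only forwards destination port 5060, and the packets are addressed to 12706 and 11802, which no row covers. Under FIXED_RULES both land on SIP-Server-RTP and are translated to 192.168.0.5 on the same port. One caveat worth checking in your own setup: because the fixed row as posted still restricts the provider's source ports to 10000-20000, RTP sent from a source port outside that range (the model shows 8000) would again be dropped; matching only on destination port avoids that dependency on the peer's port choice.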