VoIP on Separate Interface
-
Okay. If that is the best and easiest way to do it except putting the zyxel in front of everything else, let’s pretend I now have two IP-addresses with one connected to the phone.
What would I do to transfer data coming from the phone address to its router and keep the other address to the other interface? -
I would just try creating a second LAN interface first.
Id be very surprised if you had to port forward anything at all but instead you just need firewall rules to allow the traffic.
Do you have an available interface on your firewall that you can use?
-
Further my bet is a couple of WAN rules pointed at your device's LAN address would work as well but Ive started putting all my voip devices on a secondary interface as well just for ease and to be able to segregate traffic for statistical purposes.
Question- Do you have admin access to your Zytel device?
-
Yes, I have an excess interface and I turned it into a new LAN with the same configuration as my other one, created when I installed pfsense.
I works just fine for everything except my VoIP.I have access to my zyxel router but it is limited. I cannot update the firmware and view the VoIP configuration. That is all managed my ISP.
But I might be able to get them to do some things for me in I am not able to. There might be more settings that I am not capable of changing that I am not aware of.I also just phoned my ISP and asked about IP-addresses and they told me I am able to get up to 5 with my current subscription.
-
I want to make this interface a straight hole into the internet with no nat or firewall so that something from my end can get an external IP-address from my ISP and sent data through pfsense.
In other words I want it to act like a switch.I am not a pro so I need some help from someone who that can tell me how this may be done.
-
You have a public IP on the WAN of your pfSense box right?
If the only thing plugged into that interface is your VOIP device then simply create a WAN rule pointed at that interface and allow all.
Interface- WAN
TCP/IP- IPv4
Protocol- TCP/UDP
Source- Any
Source Ports Any
Destination- (Id make this your device's Local IP.)
Destination Ports - Try 5060 and 5061 first and see if it will connect
In order to do what your asking you would have to bridge that interface to the WAN and you would still need rules between them. You would also need a second public IP address for your VOIP device. Its much more complicated if your not familiar.
-
On the outbound NAT rules for that interface you might also make the whole interface Static Port… Some providers still need this although only a few from what Ive seen.
https://forum.pfsense.org/index.php?topic=84339.0
-
Then I would like to become familiar. :)
The method you suggested unfortunately does not work. When I called my ISP just before my last post, they told me the VoIP router must have a public IP.
It may be hard for me to understand every setting at first, but I will have something to think about during the week end and if I cannot get my head around it I will just have to use google.For the hard way to function correctly do I need to have two static IP-addresses, only one for either VoIP or pfsense or can I stick with dynamic IP?
-
Im not sure why the ISP would be involved with what your VOIP adapter needs… Is your ISP the VOIP provider as well?Nevermind- just reread… The Zyxel is a popular ATA router and many people have them behind routers.they told me the VoIP router must have a public IP.
Your provider obviously has decided to take NAT out of their VOIP equation then possibly. ::)
Do you have a spare switch that you could use to split your modem off to the two separate routers? The pfSense box and the Zyxel?
You can use Dynamic Addressing for the public IP's no problem. You just need to be able to get two addresses.
-
I do not have a spare switch but might go and get one as I can see why that would be significantly easier.
I would prefer being able to only use pfsense to the job of splitting althought I may change my mind if I knew that was to be done with the pfsense configuration.Have anyone done this before me that I may just not have found that I could be referred to?
-
I could try it out by stealing the switch I have to split my LAN efter pfsense when I am the only one connected.
UPDATE
I tried it and it worked. I was able to make and receive calls. So now I can choose between either buying a new switch or try to get pfsense to do the same thing for me. -
Nice- It appears then that your ISP does in fact give you more than one address… You never know till you try/ask.
https://doc.pfsense.org/index.php/Interface_Bridges
Take a look here.
-
I will look into creating a bridge as I have the extra interface.
Am i wrong if I think a bridge between my WAN and the phone interface will rout all traffic sent from LAN to the phone interface and not to the internet?
-
An interface bridged with WAN will be as a switch port with the WAN port other than you will need firewall rules between them to let traffic pass. No NATting.
I think if I were in your shoes Id probably keep a small 5 port switch doing the split for you. Other than it would be an educational process making it work the only thing you might gain is the ability to stop anyone else than your VOIP provider from accessing your SIP ports via some well placed firewall rules.
It would be nice also to learn what it is your device needs to connect and the pfSense box would be a great tool for that. Just depends how much fun you want to have. :)
-
I could go and pick up a small switch on Tuesday if I find it to hard getting the rules to go as I want them to.
In the meantime I will have some fun with setting up bridges. ;)
-
I had to re-boot to make my bridge work correctly after I installed it. YMMV.
Make sure you make an outbound firewall rule allowing that device to all on its new interface.
Good luck! :)
