problems unblocking my sip provider
-
Hmm, interesting, I hadn't considered that. Just as a test you can add your current IP as the destination though. You don't want to have that open on all ports permanently. If it works we can look at why it worked and how to replicate that with port forwards.
Steve
-
sorry i took so long to reply. was sick for like 6 days and had no motivation to look at something i'm already too frustrated with.
i tried both of these, neither have worked. did i not set it up the way you meant?
i get the occasional incoming call but i think it has more to do with the timing of my sip device re-establishing a connection before it gets dropped out after 15 minutes.
-
The active rule is correct there though I would leave the destination as 'any' at least for a test.
It does depend what firewall rules you have there also. Again as a test I would open it up completely, re-register the phone and test incoming calls.
If that doesn't work it's not a firewall rule issue and probably is reliant on a SIP ALG.
Steve
-
If I get time I will go through this whole thread later and see what pops out.
Are you still trying to use a STUN server?
Who is your SIP provider??
-
I see now who your provider is..
Apparently from the graphics showing the firewall logs above your LAN device (SIP Unit) is not listed in the SIP header. Otherwise the address would show as the SIP device. I'd be interested in your state table.
Siproxd is very easy to set up and probably a good idea here.
Unless specified leave it blank (or default) for now.
Delete any port forwards or static NATting you have done.
Inbound Interface- whatever ethernet port your sip device is plugged into.
Outbound Interface- whatever ethernet port goes out to your internet.
Go down to RTP proxy. Enable It.
RTP Port Range (Lower) looks like 5004 from your stuff above.
RTP Port Range (Upper) 5059
Save!
Get the stun server stuff out of the mix for now. I do not believe you need it.
Reboot your SIP device.
Watch the "Registered Devices" tab and see if your phone shows up there.
If it does not you can add a proxy to the device config or see if they will do that for you.. The proxy address is your LAN address (or address of the ethernet port your SIP device is plugged into.)
Your WAN firewall rules above pointing at "this firewall" should work although I always use "wan address"..
-
http://siproxd.sourceforge.net/ for some details if you're so inclined.
-
chpalmer: Cheers mate. trying it out and testing it.
i thought i should have provided this from the very get go.
pretty sure i said before they don't officially support this, but this is the information i found online to get it working originally.
https://crowdsupport.telstra.com.au/t5/Modems-Hardware/ports-for-firewall-in-front-of-telstra-router/m-p/720153#M36304
-
doesn't seem to do anything.
In fact i couldn't even make outgoing calls.
THIS is the bit that is confusing me the most. the traffic is being sent from port 5060 to 23625 (seems to be randomly generated). no matter what i put into pfSense i can't write the rules so that ANY traffic that comes from port 5060 to ANY port on my firewall is forwarded to my SIP device. I am sure this is what i have to do to get this to work.
If I am understanding what I am doing here correctly we are writing rules so any packet that gets sent to port 5060 on my firewall gets redirected. This is not what my provider is actually doing.
can i just make it so any packet that was transmitted from port 5060 to my wall gets redirected to my sip device without any other conditions?
-
I'm reading through the Telstra forum post right now. Does not look solved to me.
But- If you have SIProxd in place and the system is still trying to connect to a port other than the 5060 to 5080 range as in your picture above then the box is not connecting to the proxy. I would take it that you do not have anything showing up in "registered devices". You might leave it off the air overnight and then try again in the morning. Your SIP server and device are probably holding on to an earlier registration.
You can set up a static port in the router at Firewall/Nat Outbound NAT tab. Make the whole LAN address of the device "static" and see what that does for you. If this box connects correctly your firewall will show connections to your LAN device and never your WAN address. That is why I think they are doing something hinky.
-
Redirect Target Port is a numerical input and not what you have typed. If you want a 1:1 then do a 1:1. Otherwise do a port forward for each port or range of ports.
-
I can't show you a port forward example because I never port forward to an ATA or phone. But the same idea can be seen from one of my spur office ATA setups..
-
The ports in the answer worked perfectly on my previous software firewall IPFire. pfSense is just more tightly programmed.
1:1 doesn't work either. the firewall still blocks it.
even when i try this
it still doesn't work. but nothing shows up in the firewall logs
-
The states from that box
-
Have you tried a Static port?
-
there are heaps of states from that device... but it also runs other services from my provider. the IP address to the sip server shows up nothing.
https://justpaste.it/4rnti
-
that won't work either because the information is not being sent to port 5060 at my end
-
Remember that when you make a change and it somehow registers then you have to sometimes wait for the registration to clear out of your provider's server..
One thing I had to do at one point was to turn TFTP proxy on so that some of my devices could get their config files.. That one stumped me for a bit.
But if it already has its file I wouldn't see that as an issue. If it has registered ever it should.
System/Advanced/Firewall&NAT towards the bottom.
-
@randomaustralian said in problems unblocking my sip provider:
that won't work either because the information is not being sent to port 5060 at my end
It's coming from the firewall at that port. That's a randomized port that the firewall does by default. That's what the static port would stop.
-
but the logs read like it's coming from the source at port 5060 and arriving at my firewall on a random port
-
@randomaustralian said in problems unblocking my sip provider:
but the logs read like it's coming from the source at port 5060 and arriving at my firewall on a random port
It's trying to report back to where it's told to go. If you do a static port that will change.
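
Added example, not part of any post in this thread: a small Python check for the behaviour discussed above, where outbound NAT rewrites the SIP device's source port 5060 to a random one (23625 in the logs) unless static port is set, so the provider's replies arrive from port 5060 at that random port. The state-line layout (modelled on `pfctl -ss`), interface names and addresses are constructed assumptions.

```python
import re

# Assumed layout of a NATed state line (modelled on `pfctl -ss` output):
#   IFACE PROTO WAN_IP:PORT (LAN_IP:PORT) -> REMOTE_IP:PORT  STATE
NAT_STATE = re.compile(
    r"^\S+\s+(?P<proto>\S+)\s+"
    r"(?P<wan>[\d.]+:(?P<wan_port>\d+))\s+"
    r"\((?P<lan>[\d.]+:(?P<lan_port>\d+))\)\s+->\s+"
    r"(?P<remote>[\d.]+:\d+)"
)

# Constructed sample states (documentation addresses, hypothetical interfaces).
SAMPLE_STATES = """\
em1 udp 203.0.113.7:23625 (192.168.1.50:5060) -> 198.51.100.20:5060  MULTIPLE:MULTIPLE
em1 udp 203.0.113.7:5060 (192.168.1.51:5060) -> 198.51.100.20:5060  MULTIPLE:MULTIPLE
em1 tcp 203.0.113.7:51234 (192.168.1.50:40000) -> 198.51.100.30:443  ESTABLISHED:ESTABLISHED
em0 udp 192.168.1.50:5060 -> 198.51.100.20:5060  MULTIPLE:MULTIPLE
"""


def rewritten_sip_states(text, sip_port=5060):
    """Return UDP NAT states where the LAN side used sip_port but the
    firewall translated it to a different source port (no static port)."""
    hits = []
    for line in text.splitlines():
        m = NAT_STATE.match(line.strip())
        if m is None or m["proto"] != "udp":
            continue  # not a NATed UDP state
        if int(m["lan_port"]) == sip_port and int(m["wan_port"]) != sip_port:
            hits.append({
                "lan": m["lan"],
                "wan": m["wan"],
                # How the provider's reply shows up in the WAN firewall log.
                "reply_seen_as": f'{m["remote"]} -> {m["wan"]}',
            })
    return hits


if __name__ == "__main__":
    for hit in rewritten_sip_states(SAMPLE_STATES):
        print(f'{hit["lan"]} was rewritten to {hit["wan"]}; '
              f'replies appear as {hit["reply_seen_as"]}')
```

A device whose state keeps 5060 on the WAN side (the second sample line) is what a static port outbound NAT entry would produce.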