Netgate Discussion Forum

    problems unblocking my sip provider

    • chpalmer

      Redirect Target Port is a numerical input and not what you have typed. If you want a 1:1 then do a 1:1. Otherwise do a port forward for each port or range of ports.

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

      • chpalmer

        I can't show you a port forward example because I never port forward to an ATA or phone. But the same idea can be seen from one of my spur office ATA setups..

        rules.jpg

        • randomaustralian

          The ports in the answer worked perfectly on my previous software firewall IPFire. pfSense is just more tightly programmed.

          a7a7964d-ae1c-4a14-b271-00752765e060-image.png

          3f1a0d09-73ab-4d34-8135-ebc3e69cda9d-image.png

          1:1 doesn't work either. the firewall still blocks it.

          even when i try this
          cfc85f99-c3a7-429e-aec9-93988e0e246f-image.png
          it still doesn't work. but nothing shows up in the firewall logs

          2 x UP board, 4GB RAM + 64 GB eMMC w/ vesa case (http://up-shop.org/)
          1x UP^2 Pentium Quad Core, 8GB RAM, 128GB eMMC w/ vesa case (pfSense)
          1x UP Core Plus E3950, 8GB RAM, 64GB EMMC+ Net Plus i210-IT
          1x Dell Power Edge R510
          2x Dell Power Edge R610

          • chpalmer

            The states from that box

            states.jpg

            • chpalmer

              Have you tried a Static port?

              static.jpg

              • randomaustralian

                there are heaps of states from that device... but it also runs other services from my provider. the IP address to the sip server shows up nothing.

                https://justpaste.it/4rnti

                • randomaustralian

                  that won't work either because the information is not being sent to port 5060 at my end

                  • chpalmer

                    Remember that when you make a change and it somehow registers then you have to sometimes wait for the registration to clear out of your provider's server..

                    One thing I had to do at one point was to turn TFTP proxy on so that some of my devices could get their config files.. That one stumped me for a bit.

                    But if it already has its file I wouldn't see that as an issue. If it has registered ever it should.

                    System/Advanced/Firewall&NAT towards the bottom.

                    • chpalmer @randomaustralian

                      @randomaustralian said in problems unblocking my sip provider:

                      that won't work either because the information is not being sent to port 5060 at my end

                      It's coming from the firewall at that port. That's a randomized port that the firewall does by default. That's what the static port would stop.

                      • randomaustralian

                        but the logs read like it's coming from the source at port 5060 and arriving at my firewall on a random port

                        • chpalmer @randomaustralian

                          @randomaustralian said in problems unblocking my sip provider:

                          but the logs read like it's coming from the source at port 5060 and arriving at my firewall on a random port

                          It's trying to report back to where it's told to go. If you do a static port that will change.

                          • chpalmer

                            Do you have any WAN rules pointed at 10.0.0.150 now?

                            • randomaustralian

                              i put it in as you had it in the picture and it's "being ignored" i can't activate it

                              and no it didn't auto create a new WAN rule

                              • chpalmer @randomaustralian

                                @randomaustralian

                                Create a WAN rule with source (their server) destination 10.0.0.150 any on the ports.
                                Put it on top of all your rules.

                                Log the rule..
                                wanrule.jpg

                                Then if anything is happening between the boxes then it will show up in your firewall logs.

                                • randomaustralian

                                  aaaeaeba-8ac4-4011-a6a8-7c70ae16f06b-image.png
                                  86970dcb-348b-48bb-bfac-d79fe12d9828-image.png

                                  the phone is still not ringing for incoming calls

                                  • chpalmer @randomaustralian

                                    @randomaustralian

                                    Now you need to find out where your RTP comes from.

                                    Make a call and watch the states. When you call out it will probably connect to a different server.. Some do, some don't. Depends on the carrier.

                                    If you look at my WAN rules above from 30 minutes ago you will see that I have rules for RTP for at least a couple of different locations.

                                    • randomaustralian

                                      2d94bcc4-a34c-4db0-bcbc-ceecfc6ea4a2-image.png

                                      that is with a connected outgoing call. that's all i get in the :50** range

                                      • chpalmer

                                        Looks like the inbound SIP port for you is 5065..

                                        Your RTP is most likely somewhere other than at 5004 then.

                                        • chpalmer

                                          Do a packet capture of your device from the firewall while making a call..

                                          or you can go to status/status graph and set it for remote. See what is constant while the call is in progress.

                                          • stephenw10 Netgate Administrator

                                            Still watching. Looks like you guys are getting close.

                                            The 1:1NAT rule we tried some time back should have taken care of the static outbound NAT and allowed back any traffic as long as you had firewall rules to pass it.

                                            The fact you were seeing the reply traffic blocked at all shows the states had closed. The keep-alives may be too far apart, or not there at all.

                                            Steve
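
Added example, not part of the original thread and not pfSense code: one way to check from the state table whether outbound NAT is rewriting the phone's source port, which is what the static port option discussed above is meant to stop. It parses text in the style of `pfctl -ss` output and reports, per NATed UDP state of 10.0.0.150, the internal port, the WAN-side port and the remote endpoint. Assumptions: the line layout `<if> <proto> <translated> (<internal>) -> <remote>`, the interface names, and all addresses other than 10.0.0.150 are constructed sample values.

```python
import re

# Constructed sample in the style of `pfctl -ss` output (assumed layout:
# "<if> <proto> <translated> (<internal>) -> <remote>   <state>").
# igb0/igb1 and every address except 10.0.0.150 are made-up placeholders.
SAMPLE_STATES = """\
igb1 udp 10.0.0.150:5060 -> 203.0.113.20:5060       MULTIPLE:MULTIPLE
igb0 udp 198.51.100.9:41872 (10.0.0.150:5060) -> 203.0.113.20:5060       MULTIPLE:MULTIPLE
igb0 udp 198.51.100.9:5004 (10.0.0.150:5004) -> 203.0.113.21:16384       MULTIPLE:MULTIPLE
igb0 tcp 198.51.100.9:50122 (10.0.0.23:50122) -> 203.0.113.80:443       ESTABLISHED:ESTABLISHED
"""

# Only NATed states carry a second endpoint in parentheses.
NAT_STATE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\w+)\s+(?P<a>\S+)\s+\((?P<b>\S+)\)\s+"
    r"(?P<dir>->|<-)\s+(?P<remote>\S+)"
)

def split_hostport(endpoint):
    """Split 'host:port' on the last colon and return (host, int(port))."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)

def nat_report(state_text, internal_ip, proto="udp"):
    """Return one dict per NATed state of internal_ip, flagging rewritten source ports."""
    rows = []
    for line in state_text.splitlines():
        m = NAT_STATE.match(line.strip())
        if not m or m["proto"] != proto:
            continue
        ends = [split_hostport(m["a"]), split_hostport(m["b"])]
        inside = [e for e in ends if e[0] == internal_ip]
        if not inside:
            continue  # state belongs to another LAN host
        internal = inside[0]
        # Whichever endpoint is not the LAN host is the WAN-side translation.
        translated = ends[1] if ends[0] == internal else ends[0]
        rows.append({
            "remote": m["remote"],
            "internal_port": internal[1],
            "wan_port": translated[1],
            "port_rewritten": internal[1] != translated[1],
        })
    return rows

if __name__ == "__main__":
    for row in nat_report(SAMPLE_STATES, "10.0.0.150"):
        note = "source port rewritten" if row["port_rewritten"] else "source port preserved"
        print(f'{row["remote"]:<22} {row["internal_port"]} -> {row["wan_port"]}  {note}')
```

A state whose WAN-side port differs from the phone's own port is the randomized mapping described in the thread; the remote endpoints listed for a call in progress are also the candidates for the RTP source.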

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.