• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

NAT 1:1 Polycom VSX 7000

Scheduled Pinned Locked Moved NAT
48 Posts 3 Posters 6.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • W
    wesleylc1 Rebel Alliance
    last edited by Jul 29, 2019, 7:35 PM

    Dear,
    Regarding the source, it is not possible to determine which, as can be done from any Polycom client, already with destination address, is pointed to my local host.

    Best regards,
    Wesley Santos

    1 Reply Last reply Reply Quote 0
    • W
      wesleylc1 Rebel Alliance
      last edited by Aug 6, 2019, 8:46 PM

      Hello, does anyone have any suggestions what I can apply in this case of mine?

      Best regards,
      Wesley Santos

      1 Reply Last reply Reply Quote 0
      • D
        Derelict LAYER 8 Netgate
        last edited by Aug 6, 2019, 8:52 PM

        Most current VoIP solutions have figured out that things like SIP helpers are bad news and have coded some smarts into them to deal with NAT more gracefully. The situation was certainly worse when "very old" equipment was being manufactured.

        You're going to have to packet capture your SIP sessions and get down and dirty, learn the protocol, and see what NAT needs to happen and where. Essentially reverse-engineer what your particular environment needs (they are all different).

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        W 1 Reply Last reply Aug 6, 2019, 9:02 PM Reply Quote 0
        • W
          wesleylc1 Rebel Alliance @Derelict
          last edited by Aug 6, 2019, 9:02 PM

          Is it possible to configure without using nat, but passing all traffic from polycom through my pfsense?

          1 Reply Last reply Reply Quote 0
          • D
            Derelict LAYER 8 Netgate
            last edited by Aug 6, 2019, 9:07 PM

            Sure, if you don't need to use NAT and have a routed subnet you can put the PBX on.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • D
              Derelict LAYER 8 Netgate
              last edited by Aug 6, 2019, 9:08 PM

              You might want to hire someone familiar with VoIP to set this up for you.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • W
                wesleylc1 Rebel Alliance
                last edited by Aug 6, 2019, 9:12 PM

                My intenet link, with valid public ip's, can I use one of these ip's to release this traffic to polycom?

                Best regards,
                Wesley Santos

                1 Reply Last reply Reply Quote 0
                • D
                  Derelict LAYER 8 Netgate
                  last edited by Aug 6, 2019, 10:05 PM

                  If they are routed to you, sure.

                  If they are on the WAN subnet, you'll have to go to other lengths like make a silly WAN bridge.

                  I would do everything I outlined above and make sure what the problem actually is first.

                  You could do all that and the issue isn't NAT at all.

                  You really need to understand what your VoIP system requires in order to deploy it successfully instead of guessing.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • W
                    wesleylc1 Rebel Alliance
                    last edited by Aug 6, 2019, 10:12 PM

                    I think the problem is with NAT.
                    Already configured the WAN subnet direct in polycom, without going through my pfsense, worked successfully.

                    Best regards,
                    Wesley Santos

                    1 Reply Last reply Reply Quote 0
                    • S
                      stephenw10 Netgate Administrator
                      last edited by Aug 10, 2019, 3:06 PM

                      I would use an IPAlias rather than a ProxyARP VIP though it probably doesn't make any difference.

                      By far the most likely cause is that the Polycom device is sending it's internal IP in the contact packets for other devices to connect back to which will obviously fail. When you use a public IP on it directly it sends that so everything works.

                      If that is the case you need to set the Polycom to send it's external IP when it's behind NAT. Almost all VoIP devices have a setting for that. There's nothing we can do in pfSense to correct it.

                      A packet capture would likely prove that to be the problem.

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • W
                        wesleylc1 Rebel Alliance
                        last edited by Aug 12, 2019, 2:58 PM

                        Hi Steve, how are you?
                        Thanks for your return.
                        According to your suggestion of using IPAlias, I already set it up, but it was not successful, the same problem occurs when configured with ProxyARP.
                        Regarding the configuration of sending NAT to Polycom, it is also already configured, but there were problems sending and receiving calls.
                        My Polycom dials external, but with black video, it also receives an external call, but does not automatically connect as it should.

                        Best regards,
                        Wesley Santos

                        1 Reply Last reply Reply Quote 0
                        • S
                          stephenw10 Netgate Administrator
                          last edited by stephenw10 Aug 12, 2019, 4:24 PM Aug 12, 2019, 4:23 PM

                          Ok well really you would need to get a packet capture of the SIP packets to check that it really is sending the external IP in the SIP connection to open replies to.
                          There is probably something similar there for the other services but we may not be able to see it.

                          Steve

                          1 Reply Last reply Reply Quote 0
                          • W
                            wesleylc1 Rebel Alliance
                            last edited by wesleylc1 Aug 12, 2019, 6:28 PM Aug 12, 2019, 6:27 PM

                            Hi Steve,
                            I performed a packet capture on WAN-ip, using filter on client remote address "140.242.250.200", my polycom is configured NAT for WAN-IP "189.20.108.XX", you can try to help me based on captured log's.

                            vtcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on sk1, link-type EN10MB (Ethernet), capture size 262144 bytes
14:53:51.195282 IP 189.20.108.XX.3232 > 140.242.250.200.1720: Flags [S], seq 12312384, win 8192, options [mss 1456], length 0
14:53:51.349001 IP 140.242.250.200.1720 > 189.20.108.XX.3232: Flags [S.], seq 1312067764, ack 12312385, win 4380, options [mss 1460], length 0
14:53:51.351178 IP 189.20.108.XX.3232 > 140.242.250.200.1720: Flags [.], ack 1, win 8192, length 0
14:53:51.365850 IP 189.20.108.XX.3232 > 140.242.250.200.1720: Flags [P.], seq 1:229, ack 1, win 8192, length 228
14:53:51.520050 IP 140.242.250.200.1720 > 189.20.108.XX.3232: Flags [.], ack 229, win 5360, length 0
14:53:51.531834 IP 140.242.250.200.1720 > 189.20.108.XX.3232: Flags [P.], seq 1:111, ack 229, win 5360, length 110
14:53:51.533182 IP 189.20.108.XX.3232 > 140.242.250.200.1720: Flags [.], ack 111, win 8082, length 0
14:53:51.558796 IP 140.242.250.200.1720 > 189.20.108.XX.3232: Flags [P.], seq 111:261, ack 229, win 5360, length 150
14:53:51.559118 IP 189.20.108.XX.3232 > 140.242.250.200.1720: Flags [.], ack 261, win 8042, length 0
14:53:51.564237 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [S], seq 12440638, win 8192, options [mss 1456], length 0
14:53:51.716167 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [S.], seq 1302810247, ack 12440639, win 4380, options [mss 1460], length 0
14:53:51.717206 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1, win 8192, length 0
14:53:51.783631 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1:846, ack 1, win 8192, length 845
14:53:51.786574 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 846:857, ack 1, win 8192, length 11
14:53:51.885921 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1:513, ack 1, win 4380, length 512
14:53:51.885933 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 513:945, ack 1, win 4380, length 432
14:53:51.887110 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 513, win 7680, length 0
14:53:51.887206 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 945, win 7248, length 0
14:53:51.887416 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 945:956, ack 1, win 4380, length 11
14:53:51.889096 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 956, win 7237, length 0
14:53:51.940740 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [.], ack 846, win 5915, length 0
14:53:51.940752 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [.], ack 857, win 5915, length 0
14:53:51.958866 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 857:864, ack 956, win 8181, length 7
14:53:51.963400 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 864:870, ack 956, win 8192, length 6
14:53:52.038397 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 956:969, ack 857, win 5915, length 13
14:53:52.039127 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 969, win 8179, length 0
14:53:52.063747 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 870:915, ack 969, win 8192, length 45
14:53:52.091200 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 915:1004, ack 969, win 8192, length 89
14:53:52.132462 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [.], ack 870, win 5915, length 0
14:53:52.143346 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 969:1014, ack 870, win 5915, length 45
14:53:52.145111 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1014, win 8147, length 0
14:53:52.146042 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1014:1112, ack 870, win 5915, length 98
14:53:52.147115 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1112, win 8049, length 0
14:53:52.148748 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1112:1249, ack 870, win 5915, length 137
14:53:52.149125 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1249, win 7912, length 0
14:53:52.150236 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1249:1284, ack 870, win 5915, length 35
14:53:52.151142 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1284, win 7922, length 0
14:53:52.165168 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1004:1031, ack 1284, win 7922, length 27
14:53:52.186843 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1031:1058, ack 1284, win 8020, length 27
14:53:52.188603 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1058:1069, ack 1284, win 8020, length 11
14:53:52.190754 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1069:1077, ack 1284, win 8020, length 8
14:53:52.208542 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1077:1206, ack 1284, win 8020, length 129
14:53:52.210436 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1206:1214, ack 1284, win 8020, length 8
14:53:52.226882 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1214:1241, ack 1284, win 8157, length 27
14:53:52.228475 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1241:1249, ack 1284, win 8157, length 8
14:53:52.229118 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1284:1293, ack 915, win 5915, length 9
14:53:52.231158 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1293, win 8183, length 
14:53:52.244894 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1249:1284, ack 1293, win 8183, length 35
14:53:52.247840 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1284:1311, ack 1293, win 8183, length 27
14:53:52.272856 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1293:1302, ack 1004, win 5915, length 9
14:53:52.273134 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1302, win 8183, length 0
14:53:52.321386 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1302:1311, ack 1031, win 5915, length 9
14:53:52.323134 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1311, win 8183, length 0
14:53:52.350844 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1311:1324, ack 1077, win 5915, length 13
14:53:52.351147 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1324, win 8179, length 0
14:53:52.383996 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1324:1333, ack 1249, win 7605, length 9
14:53:52.385144 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1333, win 8183, length 0
14:53:52.417547 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1333:1342, ack 1311, win 7605, length 9
14:53:52.419156 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1342, win 8183, length 0
14:53:53.191208 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1311:1322, ack 1342, win 8192, length 11
14:53:53.191891 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1322:1330, ack 1342, win 8192, length 8
14:53:53.349391 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1342:1355, ack 1330, win 7605, length 13
14:53:53.351151 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1355, win 8179, length 0
14:53:54.079736 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1330:1365, ack 1355, win 8192, length 35
14:53:54.091519 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1365:1494, ack 1355, win 8192, length 129
14:53:54.233905 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1355:1364, ack 1365, win 7605, length 9
14:53:54.235171 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1364, win 8183, length 0
14:53:54.273647 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1364:1373, ack 1494, win 9295, length 9
14:53:54.275186 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1373, win 8183, length 0
14:53:54.286645 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1494:1529, ack 1373, win 8192, length 35
14:53:54.301896 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1529:1658, ack 1373, win 8192, length 129
14:53:54.448893 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1373:1382, ack 1529, win 9295, length 9
14:53:54.451173 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1382, win 8183, length 0
14:53:54.488835 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1382:1391, ack 1658, win 10985, length 9
14:53:54.489155 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1391, win 8183, length 0
14:53:54.499932 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1658:1693, ack 1391, win 8192, length 35
14:53:54.514226 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1693:1822, ack 1391, win 8192, length 129
14:53:54.658089 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1391:1400, ack 1693, win 10985, length 9
14:53:54.659249 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1400, win 8183, length 0
14:53:54.698031 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1400:1409, ack 1822, win 12675, length 9
14:53:54.699194 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1409, win 8183, length 0
14:53:54.709097 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1822:1857, ack 1409, win 8192, length 35
14:53:54.724136 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1857:1986, ack 1409, win 8192, length 129
14:53:54.866983 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1409:1418, ack 1857, win 12675, length 9
14:53:54.869173 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1418, win 8183, length 0
14:53:54.905928 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1418:1427, ack 1986, win 14365, length 9
14:53:54.907210 IP 189.20.108.X.3233 > 140.242.250.200.3234: Flags [.], ack 1427, win 8183, length 0
14:53:54.919729 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1986:2021, ack 1427, win 8192, length 35
14:53:54.931719 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2021:2150, ack 1427, win 8192, length 129
14:53:55.076380 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1427:1436, ack 2021, win 14365, length 9
14:53:55.077207 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1436, win 8183, length 0
14:53:55.115922 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1436:1445, ack 2150, win 16055, length 9
14:53:55.117191 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1445, win 8183, length 0
14:53:55.128352 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2150:2185, ack 1445, win 8192, length 35
14:53:55.145844 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2185:2314, ack 1445, win 8192, length 129
14:53:55.284777 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1445:1454, ack 2185, win 16055, length 9
14:53:55.285173 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1454, win 8183, length 0
14:53:55.323921 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1454:1463, ack 2314, win 17745, length 9
14:53:55.325200 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1463, win 8183, length 0
14:53:55.340885 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2314:2349, ack 1463, win 8192, length 35
14:53:55.352551 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2349:2478, ack 1463, win 8192, length 129
14:53:55.504857 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1463:1472, ack 2478, win 19435, length 9
14:53:55.505197 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1472, win 8183, length 0
14:53:55.545598 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1472:1481, ack 2478, win 19435, length 9
14:53:55.547156 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1481, win 8183, length 0
14:53:55.561711 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2478:2513, ack 1481, win 8192, length 35
14:53:55.573761 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2513:2642, ack 1481, win 8192, length 129
14:53:55.725037 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1481:1490, ack 2513, win 19435, length 9
14:53:55.727196 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1490, win 8183, length 0
14:53:55.765379 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1490:1499, ack 2642, win 21125, length 9
14:53:55.767187 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1499, win 8183, length 0
14:53:55.780891 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2642:2677, ack 1499, win 8192, length 35
14:53:55.794249 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2677:2806, ack 1499, win 8192, length 129
14:53:55.944518 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1499:1508, ack 2677, win 21125, length 9
14:53:55.945185 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1508, win 8183, length 0
14:53:55.984359 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1508:1517, ack 2806, win 22815, length 9
14:53:55.985173 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1517, win 8183, length 0
14:53:56.001818 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2806:2841, ack 1517, win 8192, length 35
14:53:56.014327 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2841:2970, ack 1517, win 8192, length 129
14:53:56.164897 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1517:1526, ack 2841, win 22815, length 9
14:53:56.165186 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1526, win 8183, length 0
14:53:56.205638 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [.], ack 2970, win 24505, length 0
14:53:56.206037 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1526:1535, ack 2970, win 24505, length 9
14:53:56.207233 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1535, win 8183, length 0
14:53:56.219839 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2970:3005, ack 1535, win 8192, length 35
14:53:56.233469 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3005:3134, ack 1535, win 8192, length 129
14:53:56.371796 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [.], ack 3005, win 24505, length 0
14:53:56.373793 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1535:1544, ack 3005, win 24505, length 9
14:53:56.375309 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1544, win 8183, length 0
14:53:56.414175 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1544:1553, ack 3134, win 26195, length 9
14:53:56.415189 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1553, win 8183, length 0
14:53:56.428395 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3134:3169, ack 1553, win 8192, length 35
14:53:56.444410 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3169:3298, ack 1553, win 8192, length 129
14:53:56.583387 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1553:1562, ack 3169, win 26195, length 9
14:53:56.585194 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1562, win 8183, length 0
14:53:56.622732 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1562:1571, ack 3298, win 27885, length 9
14:53:56.623175 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1571, win 8183, length 0
14:53:56.640433 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3298:3333, ack 1571, win 8192, length 35
14:53:56.652612 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3333:3462, ack 1571, win 8192, length 129
14:53:56.803268 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1571:1580, ack 3333, win 27885, length 9
14:53:56.805199 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1580, win 8183, length 0
14:53:56.842812 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1580:1589, ack 3462, win 29575, length 9
14:53:56.843208 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1589, win 8183, length 0
14:53:56.861649 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3462:3497, ack 1589, win 8192, length 35
14:53:56.873558 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3497:3626, ack 1589, win 8192, length 129
14:53:57.022749 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1589:1598, ack 3497, win 29575, length 9
14:53:57.023187 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1598, win 8183, length 0
14:53:57.063389 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1598:1607, ack 3626, win 31265, length 9
14:53:57.065192 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1607, win 8183, length 0
14:53:57.080970 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3626:3661, ack 1607, win 8192, length 35
14:53:57.094297 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3661:3790, ack 1607, win 8192, length 129
14:53:57.243129 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1607:1616, ack 3661, win 31265, length 9
14:53:57.245203 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1616, win 8183, length 0
14:53:57.283870 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1616:1625, ack 3790, win 32955, length 9
14:53:57.285184 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1625, win 8183, length 0
14:53:57.301597 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3790:3825, ack 1625, win 8192, length 35
14:53:57.314168 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3825:3954, ack 1625, win 8192, length 129
14:53:57.462710 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1625:1634, ack 3825, win 32955, length 9
14:53:57.463192 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1634, win 8183, length 0

                            Best regards,
                            Wesley Santos

                            1 Reply Last reply Reply Quote 0
                            • D
                              Derelict LAYER 8 Netgate
                              last edited by Aug 12, 2019, 6:30 PM

                              You need to look into the SIP protocol and see what it's doing.

                              Chattanooga, Tennessee, USA
                              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                              Do Not Chat For Help! NO_WAN_EGRESS(TM)

                              1 Reply Last reply Reply Quote 0
                              • S
                                stephenw10 Netgate Administrator
                                last edited by Aug 12, 2019, 6:34 PM

                                Yes, you would need to filer additionally by port 5060 and then download and check the actual SIP packets to see what is being sent. You probably don't want to post that publicly though.

                                Steve

                                W 1 Reply Last reply Aug 12, 2019, 8:03 PM Reply Quote 0
                                • W
                                  wesleylc1 Rebel Alliance @stephenw10
                                  last edited by Aug 12, 2019, 8:03 PM

                                  What would the tcpdump command syntax look like, just to filter everything to my wan-ip port 189.20.108.XX port 5060?

                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    stephenw10 Netgate Administrator
                                    last edited by Aug 12, 2019, 11:19 PM

                                    I would do it from the GUI but: https://docs.netgate.com/pfsense/en/latest/monitoring/performing-a-packet-capture.html

                                    Steve

                                    1 Reply Last reply Reply Quote 0
                                    • W
                                      wesleylc1 Rebel Alliance
                                      last edited by Aug 14, 2019, 2:43 PM

                                      @stephenw10

                                      Hi Steve, how are you?
                                      I monitored a connection made by my videoconferencing system, using "pftop" CLI my polycom connects with the target, but "NO_TRAFFIC: SINGLE" communication errors occur.

                                      PR        DIR SRC                                           DEST                                                   STATE                AGE       EXP     PKTS    BYTES
rsvp      In  192.168.40.251:0                              140.242.250.200:0                              NO_TRAFFIC:SINGLE       00:15:15  00:00:19        0        0
tcp       In  192.168.40.251:3233                           140.242.250.200:1720                          ESTABLISHED:ESTABLISHED  00:07:57  23:58:04       15     1096
tcp       Out 189.20.108.XX:3233                            140.242.250.200:1720                          ESTABLISHED:ESTABLISHED  00:07:57  23:58:04       15     1096
tcp       In  192.168.40.251:3234                           140.242.250.200:3242                          ESTABLISHED:ESTABLISHED  00:07:57  23:59:35      181    10480
tcp       Out 189.20.108.XX:3234                            140.242.250.200:3242                          ESTABLISHED:ESTABLISHED  00:07:57  23:59:35      181    10480
udp       In  192.168.40.251:3232                           140.242.250.200:3262                           NO_TRAFFIC:SINGLE       00:07:56  00:00:30    19850 13004860
udp       Out 189.20.108.XX:3232                            140.242.250.200:3262                               SINGLE:NO_TRAFFIC   00:07:56  00:00:30    19850 13004860
udp       In  192.168.40.251:3231                           140.242.250.200:3261                           NO_TRAFFIC:SINGLE       00:07:51  00:00:29       95     7220
udp       Out 189.20.108.XX:3231                            140.242.250.200:3261                               SINGLE:NO_TRAFFIC   00:07:51  00:00:29       95     7220
udp       In  192.168.40.251:3233                           140.242.250.200:3263                           NO_TRAFFIC:SINGLE       00:07:51  00:00:29       95     9120
udp       Out 189.20.108.XX:3233                            140.242.250.200:3263                               SINGLE:NO_TRAFFIC   00:07:51  00:00:29       95     9120
udp       In  192.168.40.251:3235                           140.242.250.200:3265                           NO_TRAFFIC:SINGLE       00:07:51  00:00:29       95     7220
udp       Out 189.20.108.XX:3235                            140.242.250.200:3265                               SINGLE:NO_TRAFFIC   00:07:51  00:00:29       95     7220
udp       In  192.168.40.251:3237                           140.242.250.200:3267                           NO_TRAFFIC:SINGLE       00:07:51  00:00:29       95     7240
udp       Out 189.20.108.XX:3237                            140.242.250.200:3267                               SINGLE:NO_TRAFFIC   00:07:51  00:00:29       95     7240

                                      Best regards,
                                      Wesley Santos

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        stephenw10 Netgate Administrator
                                        last edited by Aug 14, 2019, 3:17 PM

                                        That's not necessarily an error but you would expect more traffic when it connects correctly.

                                        I would bet it's sending it's internal private IP still we've seen that many many times. Including numerous times when a VoIP provider told us it definitely wasn't and we had to prove it was using packet captures.

                                        We would need to see the SIP packets to be sure.

                                        PM them to me if you prefer. I'll take a look when I have time.

                                        Steve

                                        W 1 Reply Last reply Aug 14, 2019, 3:32 PM Reply Quote 0
                                        • W
                                          wesleylc1 Rebel Alliance @stephenw10
                                          last edited by Aug 14, 2019, 3:32 PM

                                          can i send you a .pcap packet capture for you to help analyze?

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received