Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NAT 1:1 Polycom VSX 7000

    Scheduled Pinned Locked Moved NAT
    48 Posts 3 Posters 6.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by

      I would use an IPAlias rather than a ProxyARP VIP though it probably doesn't make any difference.

      By far the most likely cause is that the Polycom device is sending it's internal IP in the contact packets for other devices to connect back to which will obviously fail. When you use a public IP on it directly it sends that so everything works.

      If that is the case you need to set the Polycom to send it's external IP when it's behind NAT. Almost all VoIP devices have a setting for that. There's nothing we can do in pfSense to correct it.

      A packet capture would likely prove that to be the problem.

      Steve

      1 Reply Last reply Reply Quote 0
      • W
        wesleylc1 Rebel Alliance
        last edited by

        Hi Steve, how are you?
        Thanks for your return.
        According to your suggestion of using IPAlias, I already set it up, but it was not successful, the same problem occurs when configured with ProxyARP.
        Regarding the configuration of sending NAT to Polycom, it is also already configured, but there were problems sending and receiving calls.
        My Polycom dials external, but with black video, it also receives an external call, but does not automatically connect as it should.

        Best regards,
        Wesley Santos

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by stephenw10

          Ok well really you would need to get a packet capture of the SIP packets to check that it really is sending the external IP in the SIP connection to open replies to.
          There is probably something similar there for the other services but we may not be able to see it.

          Steve

          1 Reply Last reply Reply Quote 0
          • W
            wesleylc1 Rebel Alliance
            last edited by wesleylc1

            Hi Steve,
            I performed a packet capture on WAN-ip, using filter on client remote address "140.242.250.200", my polycom is configured NAT for WAN-IP "189.20.108.XX", you can try to help me based on captured log's.

            vtcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on sk1, link-type EN10MB (Ethernet), capture size 262144 bytes
14:53:51.195282 IP 189.20.108.XX.3232 > 140.242.250.200.1720: Flags [S], seq 12312384, win 8192, options [mss 1456], length 0
14:53:51.349001 IP 140.242.250.200.1720 > 189.20.108.XX.3232: Flags [S.], seq 1312067764, ack 12312385, win 4380, options [mss 1460], length 0
14:53:51.351178 IP 189.20.108.XX.3232 > 140.242.250.200.1720: Flags [.], ack 1, win 8192, length 0
14:53:51.365850 IP 189.20.108.XX.3232 > 140.242.250.200.1720: Flags [P.], seq 1:229, ack 1, win 8192, length 228
14:53:51.520050 IP 140.242.250.200.1720 > 189.20.108.XX.3232: Flags [.], ack 229, win 5360, length 0
14:53:51.531834 IP 140.242.250.200.1720 > 189.20.108.XX.3232: Flags [P.], seq 1:111, ack 229, win 5360, length 110
14:53:51.533182 IP 189.20.108.XX.3232 > 140.242.250.200.1720: Flags [.], ack 111, win 8082, length 0
14:53:51.558796 IP 140.242.250.200.1720 > 189.20.108.XX.3232: Flags [P.], seq 111:261, ack 229, win 5360, length 150
14:53:51.559118 IP 189.20.108.XX.3232 > 140.242.250.200.1720: Flags [.], ack 261, win 8042, length 0
14:53:51.564237 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [S], seq 12440638, win 8192, options [mss 1456], length 0
14:53:51.716167 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [S.], seq 1302810247, ack 12440639, win 4380, options [mss 1460], length 0
14:53:51.717206 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1, win 8192, length 0
14:53:51.783631 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1:846, ack 1, win 8192, length 845
14:53:51.786574 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 846:857, ack 1, win 8192, length 11
14:53:51.885921 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1:513, ack 1, win 4380, length 512
14:53:51.885933 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 513:945, ack 1, win 4380, length 432
14:53:51.887110 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 513, win 7680, length 0
14:53:51.887206 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 945, win 7248, length 0
14:53:51.887416 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 945:956, ack 1, win 4380, length 11
14:53:51.889096 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 956, win 7237, length 0
14:53:51.940740 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [.], ack 846, win 5915, length 0
14:53:51.940752 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [.], ack 857, win 5915, length 0
14:53:51.958866 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 857:864, ack 956, win 8181, length 7
14:53:51.963400 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 864:870, ack 956, win 8192, length 6
14:53:52.038397 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 956:969, ack 857, win 5915, length 13
14:53:52.039127 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 969, win 8179, length 0
14:53:52.063747 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 870:915, ack 969, win 8192, length 45
14:53:52.091200 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 915:1004, ack 969, win 8192, length 89
14:53:52.132462 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [.], ack 870, win 5915, length 0
14:53:52.143346 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 969:1014, ack 870, win 5915, length 45
14:53:52.145111 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1014, win 8147, length 0
14:53:52.146042 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1014:1112, ack 870, win 5915, length 98
14:53:52.147115 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1112, win 8049, length 0
14:53:52.148748 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1112:1249, ack 870, win 5915, length 137
14:53:52.149125 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1249, win 7912, length 0
14:53:52.150236 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1249:1284, ack 870, win 5915, length 35
14:53:52.151142 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1284, win 7922, length 0
14:53:52.165168 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1004:1031, ack 1284, win 7922, length 27
14:53:52.186843 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1031:1058, ack 1284, win 8020, length 27
14:53:52.188603 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1058:1069, ack 1284, win 8020, length 11
14:53:52.190754 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1069:1077, ack 1284, win 8020, length 8
14:53:52.208542 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1077:1206, ack 1284, win 8020, length 129
14:53:52.210436 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1206:1214, ack 1284, win 8020, length 8
14:53:52.226882 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1214:1241, ack 1284, win 8157, length 27
14:53:52.228475 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1241:1249, ack 1284, win 8157, length 8
14:53:52.229118 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1284:1293, ack 915, win 5915, length 9
14:53:52.231158 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1293, win 8183, length 
14:53:52.244894 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1249:1284, ack 1293, win 8183, length 35
14:53:52.247840 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1284:1311, ack 1293, win 8183, length 27
14:53:52.272856 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1293:1302, ack 1004, win 5915, length 9
14:53:52.273134 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1302, win 8183, length 0
14:53:52.321386 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1302:1311, ack 1031, win 5915, length 9
14:53:52.323134 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1311, win 8183, length 0
14:53:52.350844 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1311:1324, ack 1077, win 5915, length 13
14:53:52.351147 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1324, win 8179, length 0
14:53:52.383996 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1324:1333, ack 1249, win 7605, length 9
14:53:52.385144 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1333, win 8183, length 0
14:53:52.417547 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1333:1342, ack 1311, win 7605, length 9
14:53:52.419156 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1342, win 8183, length 0
14:53:53.191208 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1311:1322, ack 1342, win 8192, length 11
14:53:53.191891 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1322:1330, ack 1342, win 8192, length 8
14:53:53.349391 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1342:1355, ack 1330, win 7605, length 13
14:53:53.351151 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1355, win 8179, length 0
14:53:54.079736 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1330:1365, ack 1355, win 8192, length 35
14:53:54.091519 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1365:1494, ack 1355, win 8192, length 129
14:53:54.233905 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1355:1364, ack 1365, win 7605, length 9
14:53:54.235171 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1364, win 8183, length 0
14:53:54.273647 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1364:1373, ack 1494, win 9295, length 9
14:53:54.275186 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1373, win 8183, length 0
14:53:54.286645 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1494:1529, ack 1373, win 8192, length 35
14:53:54.301896 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1529:1658, ack 1373, win 8192, length 129
14:53:54.448893 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1373:1382, ack 1529, win 9295, length 9
14:53:54.451173 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1382, win 8183, length 0
14:53:54.488835 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1382:1391, ack 1658, win 10985, length 9
14:53:54.489155 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1391, win 8183, length 0
14:53:54.499932 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1658:1693, ack 1391, win 8192, length 35
14:53:54.514226 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1693:1822, ack 1391, win 8192, length 129
14:53:54.658089 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1391:1400, ack 1693, win 10985, length 9
14:53:54.659249 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1400, win 8183, length 0
14:53:54.698031 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1400:1409, ack 1822, win 12675, length 9
14:53:54.699194 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1409, win 8183, length 0
14:53:54.709097 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1822:1857, ack 1409, win 8192, length 35
14:53:54.724136 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1857:1986, ack 1409, win 8192, length 129
14:53:54.866983 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1409:1418, ack 1857, win 12675, length 9
14:53:54.869173 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1418, win 8183, length 0
14:53:54.905928 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1418:1427, ack 1986, win 14365, length 9
14:53:54.907210 IP 189.20.108.X.3233 > 140.242.250.200.3234: Flags [.], ack 1427, win 8183, length 0
14:53:54.919729 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 1986:2021, ack 1427, win 8192, length 35
14:53:54.931719 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2021:2150, ack 1427, win 8192, length 129
14:53:55.076380 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1427:1436, ack 2021, win 14365, length 9
14:53:55.077207 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1436, win 8183, length 0
14:53:55.115922 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1436:1445, ack 2150, win 16055, length 9
14:53:55.117191 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1445, win 8183, length 0
14:53:55.128352 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2150:2185, ack 1445, win 8192, length 35
14:53:55.145844 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2185:2314, ack 1445, win 8192, length 129
14:53:55.284777 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1445:1454, ack 2185, win 16055, length 9
14:53:55.285173 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1454, win 8183, length 0
14:53:55.323921 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1454:1463, ack 2314, win 17745, length 9
14:53:55.325200 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1463, win 8183, length 0
14:53:55.340885 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2314:2349, ack 1463, win 8192, length 35
14:53:55.352551 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2349:2478, ack 1463, win 8192, length 129
14:53:55.504857 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1463:1472, ack 2478, win 19435, length 9
14:53:55.505197 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1472, win 8183, length 0
14:53:55.545598 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1472:1481, ack 2478, win 19435, length 9
14:53:55.547156 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1481, win 8183, length 0
14:53:55.561711 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2478:2513, ack 1481, win 8192, length 35
14:53:55.573761 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2513:2642, ack 1481, win 8192, length 129
14:53:55.725037 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1481:1490, ack 2513, win 19435, length 9
14:53:55.727196 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1490, win 8183, length 0
14:53:55.765379 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1490:1499, ack 2642, win 21125, length 9
14:53:55.767187 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1499, win 8183, length 0
14:53:55.780891 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2642:2677, ack 1499, win 8192, length 35
14:53:55.794249 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2677:2806, ack 1499, win 8192, length 129
14:53:55.944518 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1499:1508, ack 2677, win 21125, length 9
14:53:55.945185 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1508, win 8183, length 0
14:53:55.984359 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1508:1517, ack 2806, win 22815, length 9
14:53:55.985173 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1517, win 8183, length 0
14:53:56.001818 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2806:2841, ack 1517, win 8192, length 35
14:53:56.014327 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2841:2970, ack 1517, win 8192, length 129
14:53:56.164897 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1517:1526, ack 2841, win 22815, length 9
14:53:56.165186 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1526, win 8183, length 0
14:53:56.205638 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [.], ack 2970, win 24505, length 0
14:53:56.206037 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1526:1535, ack 2970, win 24505, length 9
14:53:56.207233 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1535, win 8183, length 0
14:53:56.219839 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 2970:3005, ack 1535, win 8192, length 35
14:53:56.233469 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3005:3134, ack 1535, win 8192, length 129
14:53:56.371796 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [.], ack 3005, win 24505, length 0
14:53:56.373793 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1535:1544, ack 3005, win 24505, length 9
14:53:56.375309 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1544, win 8183, length 0
14:53:56.414175 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1544:1553, ack 3134, win 26195, length 9
14:53:56.415189 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1553, win 8183, length 0
14:53:56.428395 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3134:3169, ack 1553, win 8192, length 35
14:53:56.444410 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3169:3298, ack 1553, win 8192, length 129
14:53:56.583387 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1553:1562, ack 3169, win 26195, length 9
14:53:56.585194 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1562, win 8183, length 0
14:53:56.622732 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1562:1571, ack 3298, win 27885, length 9
14:53:56.623175 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1571, win 8183, length 0
14:53:56.640433 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3298:3333, ack 1571, win 8192, length 35
14:53:56.652612 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3333:3462, ack 1571, win 8192, length 129
14:53:56.803268 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1571:1580, ack 3333, win 27885, length 9
14:53:56.805199 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1580, win 8183, length 0
14:53:56.842812 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1580:1589, ack 3462, win 29575, length 9
14:53:56.843208 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1589, win 8183, length 0
14:53:56.861649 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3462:3497, ack 1589, win 8192, length 35
14:53:56.873558 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3497:3626, ack 1589, win 8192, length 129
14:53:57.022749 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1589:1598, ack 3497, win 29575, length 9
14:53:57.023187 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1598, win 8183, length 0
14:53:57.063389 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1598:1607, ack 3626, win 31265, length 9
14:53:57.065192 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1607, win 8183, length 0
14:53:57.080970 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3626:3661, ack 1607, win 8192, length 35
14:53:57.094297 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3661:3790, ack 1607, win 8192, length 129
14:53:57.243129 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1607:1616, ack 3661, win 31265, length 9
14:53:57.245203 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1616, win 8183, length 0
14:53:57.283870 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1616:1625, ack 3790, win 32955, length 9
14:53:57.285184 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1625, win 8183, length 0
14:53:57.301597 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3790:3825, ack 1625, win 8192, length 35
14:53:57.314168 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [P.], seq 3825:3954, ack 1625, win 8192, length 129
14:53:57.462710 IP 140.242.250.200.3234 > 189.20.108.XX.3233: Flags [P.], seq 1625:1634, ack 3825, win 32955, length 9
14:53:57.463192 IP 189.20.108.XX.3233 > 140.242.250.200.3234: Flags [.], ack 1634, win 8183, length 0

            Best regards,
            Wesley Santos

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              You need to look into the SIP protocol and see what it's doing.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Yes, you would need to filer additionally by port 5060 and then download and check the actual SIP packets to see what is being sent. You probably don't want to post that publicly though.

                Steve

                W 1 Reply Last reply Reply Quote 0
                • W
                  wesleylc1 Rebel Alliance @stephenw10
                  last edited by

                  What would the tcpdump command syntax look like, just to filter everything to my wan-ip port 189.20.108.XX port 5060?

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    I would do it from the GUI but: https://docs.netgate.com/pfsense/en/latest/monitoring/performing-a-packet-capture.html

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • W
                      wesleylc1 Rebel Alliance
                      last edited by

                      @stephenw10

                      Hi Steve, how are you?
                      I monitored a connection made by my videoconferencing system, using "pftop" CLI my polycom connects with the target, but "NO_TRAFFIC: SINGLE" communication errors occur.

                      PR        DIR SRC                                           DEST                                                   STATE                AGE       EXP     PKTS    BYTES
rsvp      In  192.168.40.251:0                              140.242.250.200:0                              NO_TRAFFIC:SINGLE       00:15:15  00:00:19        0        0
tcp       In  192.168.40.251:3233                           140.242.250.200:1720                          ESTABLISHED:ESTABLISHED  00:07:57  23:58:04       15     1096
tcp       Out 189.20.108.XX:3233                            140.242.250.200:1720                          ESTABLISHED:ESTABLISHED  00:07:57  23:58:04       15     1096
tcp       In  192.168.40.251:3234                           140.242.250.200:3242                          ESTABLISHED:ESTABLISHED  00:07:57  23:59:35      181    10480
tcp       Out 189.20.108.XX:3234                            140.242.250.200:3242                          ESTABLISHED:ESTABLISHED  00:07:57  23:59:35      181    10480
udp       In  192.168.40.251:3232                           140.242.250.200:3262                           NO_TRAFFIC:SINGLE       00:07:56  00:00:30    19850 13004860
udp       Out 189.20.108.XX:3232                            140.242.250.200:3262                               SINGLE:NO_TRAFFIC   00:07:56  00:00:30    19850 13004860
udp       In  192.168.40.251:3231                           140.242.250.200:3261                           NO_TRAFFIC:SINGLE       00:07:51  00:00:29       95     7220
udp       Out 189.20.108.XX:3231                            140.242.250.200:3261                               SINGLE:NO_TRAFFIC   00:07:51  00:00:29       95     7220
udp       In  192.168.40.251:3233                           140.242.250.200:3263                           NO_TRAFFIC:SINGLE       00:07:51  00:00:29       95     9120
udp       Out 189.20.108.XX:3233                            140.242.250.200:3263                               SINGLE:NO_TRAFFIC   00:07:51  00:00:29       95     9120
udp       In  192.168.40.251:3235                           140.242.250.200:3265                           NO_TRAFFIC:SINGLE       00:07:51  00:00:29       95     7220
udp       Out 189.20.108.XX:3235                            140.242.250.200:3265                               SINGLE:NO_TRAFFIC   00:07:51  00:00:29       95     7220
udp       In  192.168.40.251:3237                           140.242.250.200:3267                           NO_TRAFFIC:SINGLE       00:07:51  00:00:29       95     7240
udp       Out 189.20.108.XX:3237                            140.242.250.200:3267                               SINGLE:NO_TRAFFIC   00:07:51  00:00:29       95     7240

                      Best regards,
                      Wesley Santos

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        That's not necessarily an error but you would expect more traffic when it connects correctly.

                        I would bet it's sending it's internal private IP still we've seen that many many times. Including numerous times when a VoIP provider told us it definitely wasn't and we had to prove it was using packet captures.

                        We would need to see the SIP packets to be sure.

                        PM them to me if you prefer. I'll take a look when I have time.

                        Steve

                        W 1 Reply Last reply Reply Quote 0
                        • W
                          wesleylc1 Rebel Alliance @stephenw10
                          last edited by

                          can i send you a .pcap packet capture for you to help analyze?

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            Yes, start a chat and attach it there.

                            W 1 Reply Last reply Reply Quote 0
                            • W
                              wesleylc1 Rebel Alliance @stephenw10
                              last edited by

                              not allowed, your chat is restricted to people you follow only

                              1 Reply Last reply Reply Quote 0
                              • DerelictD
                                Derelict LAYER 8 Netgate
                                last edited by

                                Post whatever it is you think is telling you that. If that is the case it should not be. People chat me all the time without following.

                                Chattanooga, Tennessee, USA
                                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                W 1 Reply Last reply Reply Quote 0
                                • W
                                  wesleylc1 Rebel Alliance @Derelict
                                  last edited by

                                  ERROR
                                  This user has restricted their chat messages. They must follow you before you can talk to them

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Hmm, must have changed the default at a forum update or something. I've changed that setting now, try again.

                                    Steve

                                    W 1 Reply Last reply Reply Quote 0
                                    • W
                                      wesleylc1 Rebel Alliance @stephenw10
                                      last edited by

                                      Your chat is now released.

                                      1 Reply Last reply Reply Quote 0
                                      • W
                                        wesleylc1 Rebel Alliance
                                        last edited by

                                        Dear, I made the capture available on Google Drive

                                        1 Reply Last reply Reply Quote 0
                                        • stephenw10S
                                          stephenw10 Netgate Administrator
                                          last edited by

                                          Great I have that.

                                          There are no SIP packets in there so I can't check that directly but it looks like it's still sending it's internal IP as the address to connect back to which can never work. For example:

                                          Selection_677.png

                                          And:

                                          Selection_678.png

                                          I won't to be any sort of expert in those protocols but from your description of the behaviour and the fact we see only outgoing RTP traffic in the pcap I think it is not configured to send the external IP.

                                          You need to set that correctly in the Polycom device before it can work behind NAT.

                                          Steve

                                          1 Reply Last reply Reply Quote 0
                                          • W
                                            wesleylc1 Rebel Alliance
                                            last edited by

                                            Hi, thanks for your effort to help solve my case.
                                            Please can you explain if I used the filter correctly, I intended to monitor only LAN-ip traffic, using a filter for polycom IP address "192.168.40.251", when NAT requests occur, they should be caught in tcpdump using the command filter below?

                                            tcpdump -nvxi re0 -w capture.pcap host 192.168.40.251

                                            I captured packets from the WAN-ip interface, using a filter for WAN-ip and LAN-ip addresses, but when analyzing wireshark did not find NAT requests, I will forward the link of this packet in your chat.
                                            I used the command below.

                                            tcpdump -nvxi sk1 -w new.pcap "(host 189.20.108.XX or host 192.168.40.251)"

                                            Best regards,
                                            Wesley Santos

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.