Netgate Discussion Forum

    Local PBX and pfSense Firewall NAT

    3 Posts 2 Posters 569 Views
      popeel-SSH

      Hi,

      I have followed a guide on YouTube for setting up NAT for FreePBX.

      https://www.slideshare.net/NetgateUSA/firewall-best-practices-for-voip-on-pfsense-pfsense-hangout-october-2017

      I have tried the Port Forward option with an Outbound rule, and the 1:1 method.

      My settings are like this:
      a7e7c4e9-1fd2-4801-84a4-70332bcf93f6-image.png

      I have an internal PBX at 10.10.10.5, and there is a route to the firewall LAN interface and vice versa.
      The external gateway IP from the ISP is 217.xxx.xxx.xxx and the SIP channel IP is 88.xxx.xxx.xxx.

      Then I have a WAN rule opening all UDP traffic, as below. (I have opened all UDP traffic to test. I know I will cut it down once it's working.)

      2d8eadd1-3b0a-4f85-b5c2-27180a8a6bcd-image.png

      When I make an external call, I get no traffic in the state.

      b8c43707-e121-45d9-b3f7-074b6f2da174-image.png

      Then I created a LAN rule as below.

      47c4f179-198b-4acc-a902-05b2b51eb9b4-image.png

      Results

      f14116f6-8539-4c7d-b822-1da9dbc47dea-image.png

      I have tried the port forward + Outbound rule option with a static IP. It's the same result.

      I have changed the Firewall Optimization Option to Conservative and the NAT Reflection mode for port forwards to Pure NAT.

      Please, please, please, if anyone has any idea, please share it with me.

      Thanks in advance. :)

        popeel-SSH

        I would appreciate it if anyone who has done this could share the knowledge with me, please.

        :)

        Thanks

          Grimeton

          Delete all the rules above and create a port forwarding rule:

          Everything that hits the external interface's IP on port 5060 is forwarded to the PBX on 5060.

          This should give you the main connection. Then check the UDP port range the PBX uses for actual communication (RTP).

          Forward those ports as well from external IP to the PBX.

          If the RTP ports cannot be nailed down to reside in a certain range, check if the PBX can use a STUN server and if your provider offers one. If so, the PBX connects to the STUN server, does a handshake when it comes to ports and then uses those ports on the firewall (punches holes in the state table for said UDP ports) and keeps them open and alive.

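One way to check the forwards described in the answer above against the RTP range the PBX actually uses, and to flag anything left wider than needed (such as the open-all-UDP test rule). This is an added example, not code from the thread or from pfSense; it assumes an Asterisk-based PBX with an rtp.conf, and the sample config, the forward tuples and the function names are constructed for illustration.

```python
import re

SIP_PORT = 5060  # SIP signalling port named in the answer above

# Constructed sample of an Asterisk/FreePBX rtp.conf (assumed values).
RTP_CONF = """
[general]
rtpstart=10000   ; first RTP port
rtpend=20000     ; last RTP port
"""

# Constructed WAN UDP forwards as (first_port, last_port, target_ip).
# This tuple layout is an assumption for the example, not pfSense's format.
FORWARDS = [(5060, 5060, "10.10.10.5"), (10000, 15000, "10.10.10.5")]

def rtp_range(conf_text):
    """Return (rtpstart, rtpend) parsed from rtp.conf text."""
    vals = {}
    for line in conf_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"(rtpstart|rtpend)\s*=\s*(\d+)$", line)
        if m:
            vals[m.group(1)] = int(m.group(2))
    return vals["rtpstart"], vals["rtpend"]

def uncovered(first, last, forwards, target):
    """Return sub-ranges of first..last that no forward to target covers."""
    gaps, cursor = [], first
    for lo, hi, ip in sorted(forwards):
        if ip != target or hi < cursor or lo > last:
            continue
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
    if cursor <= last:
        gaps.append((cursor, last))
    return gaps

def audit(conf_text, forwards, target):
    """Report needed ports with no forward, and forwards wider than needed."""
    start, end = rtp_range(conf_text)
    needed = [(SIP_PORT, SIP_PORT), (start, end)]
    missing = [g for lo, hi in needed for g in uncovered(lo, hi, forwards, target)]
    excess = [(lo, hi) for lo, hi, ip in forwards if ip == target
              and not any(n_lo <= lo and hi <= n_hi for n_lo, n_hi in needed)]
    return {"missing": missing, "excess": excess}

if __name__ == "__main__":
    print(audit(RTP_CONF, FORWARDS, "10.10.10.5"))
```

An empty `missing` list with an empty `excess` list means the forwards match SIP plus the configured RTP range exactly.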
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.