Configuration with Two SIP Connections
-
@stephenw10 said in Configuration with Two SIP Connections:
@chpalmer said in Configuration with Two SIP Connections:
Generally you should not have to port forward anything no matter what anyone tells you. But you probably will need firewall rules from their servers to your devices on your WAN tab
I can't really agree with that. If you don't have port forwards, firewall rules on the WAN interface cannot pass anything except to the firewall itself, which isn't generally useful. Unless I'm misreading that.
I'm assuming SIP client devices here. Maybe I'm reading it wrong.
I do this all the time with clients. The information as to where the SIP server needs to contact the client is already in the SIP header. There is no need to lock down ports to one client via port forwarding. If you want to run multiple SIP clients and then port forward all your RTP to one device then you can no longer use those ports for the second (or more) device(s). I generally bring this up to anybody that tries to say that NAT is a good security measure. Put your network behind a device that just does NAT and look at your clients' onboard firewall logs and then try and tell me that no one can get past NAT inbound.
Simply allowing the SIP server access to your client devices is all that is needed.
If this is indeed a PBX behind the firewall situation then I have not attempted that personally.
-
Dear all, thanks for the answers you have given. I have considered posting the picture of my current setup so that you may know exactly how to advise me.
I have two providers (ISP 1 & ISP 2) terminated into my pfSense as shown. Similarly I have an IP PBX and VoIP phones (extensions) connected to the switch as shown.
I have already configured all extensions and the PBX and all seem to work well. But I fail to find the correct way to configure SIP to work in my network.
Looking forward to your help.
-
Ok, so in a situation with only phones behind the firewall and an external PBX you usually do not need to do anything on the firewall. No port forwards are required and firewall rules on WAN cannot do anything without port forwards.
Here you have the PBX behind pfSense so you would normally require SIP and RDP ports forwarding to it.
There should be no reason why you cannot forward SIP and RDP from both providers to the PBX though. What problem are you actually seeing here?
Steve
-
I have configured SIP and RDP and they seem to work for one provider whose gateway is the default. But for the other I am still facing an issue. I am trying to ping the provider's SIP server but I cannot reach it. Is there anything to be done in the routing, since the packets seem to go to the default gateway?
-
Ah, it's actually two VoIP providers and two ISPs?
Then, yes, you will need a rule on the internal interface to pass traffic going to the new provider with the 2nd gateway set so it leaves that way. Make sure that rule is above any default pass rule.
Steve
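
An added illustration, not part of the original post: a small model of why the policy-routing rule has to sit above the default pass rule. Rules on the internal interface are evaluated top to bottom and the first match decides the gateway. All addresses, gateway names and the `egress_gateway` helper are constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# All addresses and gateway names below are constructed for illustration.
PBX = "192.168.1.10"
SIP_PROVIDER_2 = "198.51.100.20"
DEFAULT_GW = "WAN1_GW"


@dataclass
class Rule:
    src: str                       # source network (CIDR)
    dst: str                       # destination network (CIDR)
    gateway: Optional[str] = None  # None means "follow the routing table"


def egress_gateway(rules, src, dst):
    """Return the gateway picked by the first matching rule, top to bottom.

    Models first-match evaluation of pass rules on the internal interface.
    Returns None when no rule matches, i.e. the traffic is not passed.
    """
    for rule in rules:
        if (ip_address(src) in ip_network(rule.src)
                and ip_address(dst) in ip_network(rule.dst)):
            return rule.gateway or DEFAULT_GW
    return None


# Default "LAN to any" pass rule: no gateway set, so the default route is used.
default_pass = Rule(src="192.168.1.0/24", dst="0.0.0.0/0")
# Policy route: PBX traffic to the second provider leaves via the second WAN.
policy_route = Rule(src=f"{PBX}/32", dst=f"{SIP_PROVIDER_2}/32",
                    gateway="WAN2_GW")

correct_order = [policy_route, default_pass]
wrong_order = [default_pass, policy_route]  # policy rule is never reached

if __name__ == "__main__":
    for name, rules in (("policy rule first", correct_order),
                        ("default pass first", wrong_order)):
        print(name, "->", egress_gateway(rules, PBX, SIP_PROVIDER_2))
```

With the default pass rule on top, traffic to the second provider matches it first and leaves through the default gateway, which is the symptom described in the post above this one.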
-
Yes I have two ISPs who also provide me the VOIP service. I will apply the suggestion given to see how things work.
Thanks Steve.
-
To which interface exactly will I apply these rules? Will they be applied to the associated interface where the ISP link is connected or just to the LAN interface?
Suppose I want to make a call using a specific provider, will it be necessary to define static routes?
Thanks
-Lusekelo -
You just need to make sure the PBX uses the correct WAN to reach whichever provider it's connecting to. So you can policy route that using a firewall rule on the internal interface as I suggested or you could add static routes. Static routes will apply globally whereas a policy route could be applied to only traffic from the PBX for example. In this case it probably doesn't make much difference as only the PBX should be connecting to the provider.
Steve
-
Double NAT'd behind both WANs
-
Ah, I had assumed those 10. IPs were just examples and that the two WANs were real public IPs.
If they are not it's hard to see how the first connection works. But you would certainly have to forward all the traffic through each ISP router in that case.
Steve
-
I have applied 1:1 NAT to each WAN for Voice Connection to PBX but it does not produce the expected result. Only one WAN seems to work which is in default gateway. Is there any rule or anything else I need to apply?
Thanks
-Lusekelo -
You are right Stephen, the IPs are not actual. However one provider is using Private and the other has provided a Public IP. I have added routes back to providers network but still cannot reach the SIP Server of one provider. The provider who is using a public IP is reachable by the PBX
Thanks,
-Lusekelo -
Is the second provider's network reachable at all? From anywhere?
I assume you mean they supplied a modem/router device and it is NATing the connection?
If they are really giving you a private IP to connect to as the SIP trunk I'm not sure how you're supposed to reach it.
Steve
-
Thank you for your concern in my case.
When the configuration from the second provider is done directly on the PBX box while the first is through pfSense, I can use both providers at the same time. My situation is, I do not want to hook providers into the PBX, hoping in the future I may have other voice connections from other providers as well. Connecting the PBX through the switch I think in my case is the optimal one, just as I described in the diagram.
-Lusekelo