SIP Not Working Behind Pfsense
-
SIP was never designed to be behind NAT when it was first implemented. But it was hacked in later.
Behind two NAT boxes is just asking for trouble.. but I digress.
Try putting the SIP clients behind static ports.
/firewall_nat_out.php add a mapping and make it static port for your devices SIP ports.
-
@chpalmer
Thank for the replybut i dont know how to Set static mapping in Pfsense .
You already try pfsense with SIP ?
thanks
-
@janiboy What does the SIP provider advise? Whatever NAT is configured in the Cisco should be able to be duplicated in pfSense but it would be far easier to know what those rules need to do. There is no "SIP." Every implementation is different especially where NAT requirements are concerned.
-
The ASA (PIX) has "Inspect SIP" as default ==> SIP ALG
The Cisco Modem might have the same stuff (ALG)
Prob. rewriting the outbound sip packets source ip from RFC1818 to the "Outside/Public IP"/Bingo
-
@bingo600 Yeah, that's why I asked for the config of the cisco and the advice from the SIP provider. They should know every last detail about what NAT, etc needs to happen (ROFL). The advice these days seems to be mostly, "be sure to disable any any SIP ALGs."
-
Thanks for the replies,
Sorry the provider wont give any details, because they don't want to loss their profit on the cisco router because every month we are billed.
i only have the IP on that cisco firewall.
IG0 - 10.200.94.182 /30 going to their modem
IG1 - 192.168.1.1/24but i will try ask them again if they can provide it thanks.
-
-
@janiboy said in SIP Not Working Behind Pfsense:
but i dont know how to Set static mapping in Pfsense .
I have several pfSense implementations with VOIP phones and other SIP devices behind. Generally these days most VOIP providers do not need static port but there are one or two that do.
https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#static-port
-
@chpalmer said in SIP Not Working Behind Pfsense:
https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#static-port
Thanks for the reply sir,
Is there any video or image that I can walk through this process, sorry because im new to it.
-
Go to /firewall_nat_out.php ( http://"yourfirewall"/firewall_nat_out.php )
or another way to describe..
Firewall / NAT / Outbound
... Ill get a screen capture momentarily..
-
Go down to mappings and then "add"..
-
The local address shown would be my SIP device/client machine. If it is a machine doing multiple tasks then adding the SIP port would be prudent.
-
"Outbound NAT Mode" then should be "Hybrid".
-
i got this on my side, my panasonic NS300 ip 192.168.1.102 , my WAN is 10.200.94.182.
witch ip should i put on the source?
thanks
-
@janiboy said in SIP Not Working Behind Pfsense:
my panasonic NS300 ip 192.168.1.102 , my WAN is 10.200.94.182.
witch ip should i put on the source?
"SIP device/client machine."
The LAN device at 192.168.1.102
-
-
@derelict Talked to SIP provider, They know about the config maybe non technical person, by the way sip cisco router model is Cisco 4321.
-
@janiboy said in SIP Not Working Behind Pfsense:
no need to add anything ?
???
The LAN device at 192.168.1.102
You need to add your client device as the "source".
-
@janiboy said in SIP Not Working Behind Pfsense:
i got this on my side, my panasonic NS300 ip 192.168.1.102 , my WAN is 10.200.94.182.
Please note that even if your "Wan is 10.200.94.182" , that is not your public ip address (aka the ip address you are seen with on the internet).
Somewhere between your "Wan" and the internet someone is Natting your 10.200.94.182 , to a non RFC1918 ip address.
You could (from a browser behind your WAN) , go to this site : https://www.myip.com/
And it will show what IP you currently are seen as on the internet.
That would also be the ip address that external sip devices (phones/servers) should reply to.
/Bingo
