Pfsense errors reloading filter, passing 80mb voip traffic, blocked packets

  • Hello everyone,

    I have a fresh install of 2.3.1 amd64 on a hp dl360 g5 server used to pass voip phone calls and im getting some odd behavior. Our setup is very simple, we have a 100mb fiber connection with an ONT to copper which is connected to the WAN port of the pfsense server,  then we have a LAN port connected to a sg-200 cisco switch. From the switch we have 10 asterisk dialers all with public ip addresses which initiate and send calls to our providers which are outside of the network. Below are the issues i am having.

    1. The only way i can pass traffic without getting inblock packets is by completely opening 5060 - 5080 and 10000 - 60,000 - if i just create rules for each provider and disable 5060 - 5080 and 10,000 to 60,000 UDP then i get massive packet blocking. Obviously opening these ports is not a viable option because then my network is wide open.

    2. Anytime i reload filter while i am passing traffic i get a ton of WAN in errors…. it only happens when i reload the filters or enable or disable the sip rules above and then reload the filter. Every time reload filter is pressed while i am passing voip traffic the errors occur. (Wan in and Lan in errors)

    Lastly, and i just noticed this.... when i go to my rules and then modify a rule and apply filter.... the changes arent being saved. I created a rule to PASS on the WAN interface ANY protocol to SOURCE Single host or alias and entered ip address to any destination i can save it and apply filter. If i go back to that rule and change from single host or alias to network, leave the ip address and then select a bitcount... after saving and applying filters the changes i made disappear.

    Below are specs of the hardware we are using.

    HP DL360 G5 2x Intel Xeon quad core E5345 processors
    16gb of ram
    (2) 72gb sas drives mirrored
    P400I raid
    Embedded nic for WAN and LAN
    Pfsense 2.3.1, already tried versions 2.3.2 and 2.1.5 and observed WAN in errors, Duplex is set to auto and cabling is in perfect condition.

    We typically pass 500,000k packets per second using 70 - 80mb running 2,500 lines.

    Any help would be appreciated, this is my last ditch effort before i go back to my Cisco NPE-G2 or just not use a router and whitelist.

Log in to reply