Port Forwarding being overridden by second server

  • Let me start with a short description. Perhaps someone familiar with the inner workings might understand whats going on.

    pfSense is up to date…

    asterisk voip server #1 on Lan Nat Port forwarding, Rules and Static outgoing all set up for port 5060 no RTP mapping needed.
    this works without issue.

    Server #2 is a sandbox system configured only to make outgoing calls. My provider use IP Auth so no registration is required. If a call is sent to them with the proper credentials it will be processed. There are no port forwards to this server. There is an outgoing NAT outbound rule set up for a static port so that RTP audio works properly.

    Sometimes both systems seem to be able to coexist but at other times here's what seems to be happening. If a call is placed through server #2 to the provider pfSense is dynamically doing what a router is supposed to do in terms of passing the port 5060 requests and setting up the RTP ports. Problem is that dynamic mapping creates an entry in the States table that effectively maps incoming traffic from the provider to Server #2. That effectively disables the existing port forwarding for server #!1. Future incoming call attempts meant for server #1 instead go to Server #2.

    So my questions comes down to the relationship between defined port forwards vs. those done on the fly by the firewall. Is there a way to control who wins if that is in fact the issue? Maybe it's something else....

Log in to reply