NAT 1:1 to PBX

  • I may be doing this quite wrong and there may be a better approach. I have a pfSense box with three virtual network cards set up.

    Card 1 -> LAN
    Card 2 -> WAN
    Card 3 -> OPT1

    LAN is on
    OPT1 is on

    Idea is to have a server with a virtual PBX sitting on, phones also on I have PFSense dialling for the SIP trunks over WAN. Then the customer provides one IP from their network (192.168.0.x) for this example. I decided to put 1:1 NAT on OPT1 with their provided IP and configure the following:

    PBX on
    PFSense as local gateway on on LAN
    Customer gives me address and I put this in as an alias on interface OPT1.
    I then add in a 1:1 NAT with external address being and internal being
    Lastly I add in the rule to allow 0.210 to 104.10.

    When testing I can access SSH, web and pretty much any server, which proves that my 1:1 configuration works. However,
    one application running on a test computer on the network fails to return that it is connected. I have run
    a Wireshark trace and get responses until it negotiates a TLS certificate. It then fails with a TLS error, which is
    encrypted. I was suspecting the application until I connected the same PC onto the network and it
    connected problem.

    Is there any other way to trace why it is failing on one application attempting a TLS connection? Does TLS become affected
    by 1:1 NAT?

    Is there a better way to separate the two networks? I only need the customer to reach the PBX, for example web
    access to change the address book, etc.


    What PBX software are you using? They are not all the same.

