Netgate Discussion Forum

    PFBlockerNG - want to allow country but also SIP provider on static IP

      fusionp

      Hi all, I've got some questions regarding pfblocker. I've checked out the YouTube tuts and the wiki, but still need some guidance here.

      I have a class C public block of IPs, I have these set via VIPs on my WAN, I'm currently doing a 1:1 NAT for my SIP from my VoIP provider 3.3.3.3 to my WAN 2.2.2.2, I also have UDP (range) and SIP ports open to the public on 2.2.2.2. The 1:1 and port forwarding are going to my private SIP 1.1.1.1.

      I would now like to add my country as a geo-location on pfblocker, so only allow my country, but still want the 1:1 NAT and port forwarding rules plus my VoIP provider's IP (not hosted in my country) to take effect.

      Does that make sense?
      So anyone in my country plus one IP external to my country to have access to 2.2.2.2... as specified by my current 1:1 rules and port forwarding.

      I'm confused by the "custom destination" in "advanced inbound rule" where it says "Click Here to add/edit Aliases Do not manually enter Addresses(es)."

      Does this mean as I read it that I must create an Alias for my public IP 2.2.2.2 or must I create this for my internal IP 1.1.1.1?
      Must I create the "list action" as "alias permit" or "alias native"? And will this still take into account my 1:1 NAT and UDP port forwards I currently have open to the world and then just suppress access for IPs originating in my country?

      Which is what I want, so effectively I have:

      2.2.2.2 > 1:1 NAT > 1.1.1.1
      SIP port forward on 2.2.2.2 to 1.1.1.1.
      UDP range port forward on 2.2.2.2 to 1.1.1.1

      I want this to remain but with the exception of adding
      3.3.3.3 > SIP port forward on 2.2.2.2 to 1.1.1.1
      And then denying anything else outside of my country

      Net result
      3.3.3.3 > SIP port forward on 2.2.2.2 to 1.1.1.1
      3.3.3.3 > UDP range port forward on 2.2.2.2 to 1.1.1.1
      My-Country > SIP port forward on 2.2.2.2 to 1.1.1.1.
      My-Country > UDP range port forward on 2.2.2.2 to 1.1.1.1.

      Any help or inkling appreciated!
