SIP and PBX port Forward



  • Hello
    I am not sure where I should post this.
    I forward the SIP and RTP ports from OpenVPN to pfSense, and then from pfSense to the PBX server on the LAN. Local calls are fine, but calls received from Google Voice hang up after 10 seconds, and GSM calls have a one-way audio issue.
    CentOS VPS VPN iptables rules:

    
    # Only INPUT, FORWARD, OUTPUT and the AS0_* user chains appear here, which
    # matches the filter table. No nat-table rules (PREROUTING DNAT, POSTROUTING
    # SNAT/MASQUERADE) are listed, so the port forward itself cannot be checked
    # from this listing.
    #
    # All three built-in chains default to ACCEPT: a packet that matches no rule
    # is still accepted, so the ACCEPT rules below restrict nothing. Only the
    # DROP targets inside the AS0_* chains filter traffic.
    # NOTE(review): for an Internet-facing VPS that carries SIP, default-drop
    # INPUT and FORWARD policies with explicit allows are the safer baseline.
    # NOTE(review): with everything accepted by policy, this table is unlikely to
    # be what ends the call or mutes one direction; NAT/SDP addressing on the
    # path is the more usual place to look -- confirm with a packet capture.
    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    # User-defined chains. The AS0_ prefix and the as0t+ interfaces used further
    # down suggest they are generated by OpenVPN Access Server -- presumably
    # managed by it rather than by hand; confirm before editing them.
    -N AS0_ACCEPT
    -N AS0_IN
    -N AS0_IN_NAT
    -N AS0_IN_POST
    -N AS0_IN_PRE
    -N AS0_IN_ROUTE
    -N AS0_OUT
    -N AS0_OUT_LOCAL
    -N AS0_OUT_POST
    -N AS0_OUT_S2C
    -N AS0_U_PFSENSE_OUT
    -N AS0_U_SAMSUNG_OUT
    -N AS0_WEBACCEPT
    # INPUT: packets addressed to the VPS itself. "vps public ip" is presumably
    # the poster's placeholder for the redacted address, not literal rule text.
    -A INPUT -m state --state RELATED,ESTABLISHED -j AS0_ACCEPT
    -A INPUT -i lo -j AS0_ACCEPT
    # New connections to the VPS address on tcp/915, tcp/914, udp/917, udp/916
    # and tcp/943 are accepted through AS0_ACCEPT / AS0_WEBACCEPT.
    -A INPUT -d "vps public ip"/32 -p tcp -m state --state NEW -m tcp --dport 915 -j AS0_ACCEPT
    -A INPUT -d "vps public ip"/32 -p tcp -m state --state NEW -m tcp --dport 914 -j AS0_ACCEPT
    -A INPUT -d "vps public ip"/32 -p udp -m state --state NEW -m udp --dport 917 -j AS0_ACCEPT
    -A INPUT -d "vps public ip"/32 -p udp -m state --state NEW -m udp --dport 916 -j AS0_ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j AS0_WEBACCEPT
    -A INPUT -d "vps public ip"/32 -p tcp -m state --state NEW -m tcp --dport 943 -j AS0_WEBACCEPT
    # udp/1195 is accepted from any source; this rule appears three times in INPUT.
    -A INPUT -p udp -m udp --dport 1195 -j ACCEPT
    # Packets carrying mark bit 0x2000000 are sent through AS0_IN_PRE.
    -A INPUT -m mark --mark 0x2000000/0x2000000 -j AS0_IN_PRE
    -A INPUT -p udp -m udp --dport 1195 -j ACCEPT
    -A INPUT -p udp -m udp --dport 1195 -j ACCEPT
    # tcp/91 and DNS (53 over udp and tcp) accept new connections from any source.
    # NOTE(review): if a recursive resolver listens on 53, limit it by source
    # address so it cannot be used as an open resolver.
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 91 -j ACCEPT
    -A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # udp/5060 (SIP) and udp/10000-20000 (presumably the PBX's RTP range) are
    # accepted from any source, for traffic terminating on the VPS. Packets that
    # are forwarded on to another host traverse FORWARD, not INPUT.
    # NOTE(review): SIP exposed to every source is routinely probed; add
    # `-s <provider-net>` (placeholder -- take the ranges from the SIP provider).
    -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
    -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
    # FORWARD: packets routed through the VPS between venet0 and the tunnel.
    # Replies may enter tun0 from venet0; anything may leave from tun0 to venet0;
    # anything sourced from 10.8.0.0/24 is accepted.
    # Several rules in this chain are exact repeats (RELATED,ESTABLISHED,
    # -s 10.8.0.0/24, both tun0/venet0 rules), which suggests the rule set was
    # appended more than once -- harmless, but worth cleaning up.
    -A FORWARD -i venet0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i tun0 -o venet0 -j ACCEPT
    -A FORWARD -m state --state RELATED,ESTABLISHED -j AS0_ACCEPT
    -A FORWARD -s 10.8.0.0/24 -j ACCEPT
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -m mark --mark 0x2000000/0x2000000 -j AS0_IN_PRE
    -A FORWARD -o as0t+ -j AS0_OUT_S2C
    -A FORWARD -s 10.8.0.0/24 -j ACCEPT
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i venet0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Explicit allows towards 10.8.0.2 (annotated by the poster as the pfSense
    # address): tcp/9002, tcp/2345, udp/5004-5082 (this range includes SIP 5060)
    # and udp/10000-20000. None of them restricts the source address.
    # NOTE(review): these rules only permit the packets; reaching 10.8.0.2 also
    # needs matching DNAT rules in the nat table, which are not visible here.
    -A FORWARD -d "10.8.0.2:Pfsense ip"/32 -p tcp -m tcp --dport 9002 -j ACCEPT
    -A FORWARD -i tun0 -o venet0 -j ACCEPT
    -A FORWARD -d "10.8.0.2:Pfsense ip"/32 -p tcp -m tcp --dport 2345 -j ACCEPT
    -A FORWARD -d "10.8.0.2:Pfsense ip"/32 -p udp -m udp --dport 5004:5082 -j ACCEPT
    -A FORWARD -d "10.8.0.2:Pfsense ip"/32 -p udp -m udp --dport 10000:20000 -j ACCEPT
    # Locally generated packets leaving on an as0t+ interface go to AS0_OUT_LOCAL.
    -A OUTPUT -o as0t+ -j AS0_OUT_LOCAL
    -A AS0_ACCEPT -j ACCEPT
    # AS0_IN: accept traffic to 172.27.224.1, hand everything else to AS0_IN_POST.
    -A AS0_IN -d 172.27.224.1/32 -j ACCEPT
    -A AS0_IN -j AS0_IN_POST
    # AS0_IN_NAT: set mark bit 0x8000000, then accept.
    -A AS0_IN_NAT -j MARK --set-xmark 0x8000000/0x8000000
    -A AS0_IN_NAT -j ACCEPT
    # AS0_IN_POST: traffic leaving on as0t+ continues to AS0_OUT; the rest is
    # dropped. This is one of the few places in the listing that discards packets.
    -A AS0_IN_POST -o as0t+ -j AS0_OUT
    -A AS0_IN_POST -j DROP
    # AS0_IN_PRE: link-local and RFC 1918 destinations go to AS0_IN; every other
    # destination is accepted.
    -A AS0_IN_PRE -d 169.254.0.0/16 -j AS0_IN
    -A AS0_IN_PRE -d 192.168.0.0/16 -j AS0_IN
    -A AS0_IN_PRE -d 172.16.0.0/12 -j AS0_IN
    -A AS0_IN_PRE -d 10.0.0.0/8 -j AS0_IN
    -A AS0_IN_PRE -j ACCEPT
    # AS0_IN_ROUTE: set mark bit 0x4000000, then accept.
    -A AS0_IN_ROUTE -j MARK --set-xmark 0x4000000/0x4000000
    -A AS0_IN_ROUTE -j ACCEPT
    # The two rules below have no -j target: they match and count, nothing more.
    -A AS0_OUT -d 0.0.0.0/32
    -A AS0_OUT -d 0.0.0.0/32
    -A AS0_OUT -j AS0_OUT_POST
    # ICMP type 5 is Redirect; it is dropped before the catch-all accept.
    -A AS0_OUT_LOCAL -p icmp -m icmp --icmp-type 5 -j DROP
    -A AS0_OUT_LOCAL -j ACCEPT
    # AS0_OUT_POST: only packets carrying mark bit 0x2000000 pass; the rest drop.
    -A AS0_OUT_POST -m mark --mark 0x2000000/0x2000000 -j ACCEPT
    -A AS0_OUT_POST -j DROP
    -A AS0_OUT_S2C -j AS0_OUT
    # AS0_U_* chains (the names suggest per-user chains for "pfsense" and
    # "samsung" -- TODO confirm): accept sources in 172.27.224.0/20, otherwise
    # fall through to AS0_OUT_POST. No rule in this listing jumps to these
    # chains, nor to AS0_IN_NAT or AS0_IN_ROUTE.
    -A AS0_U_PFSENSE_OUT -s 172.27.224.0/20 -j ACCEPT
    -A AS0_U_PFSENSE_OUT -j AS0_OUT_POST
    -A AS0_U_SAMSUNG_OUT -s 172.27.224.0/20 -j ACCEPT
    -A AS0_U_SAMSUNG_OUT -j AS0_OUT_POST
    -A AS0_WEBACCEPT -j ACCEPT
    
    ![tp.jpg](/public/_imported_attachments_/1/tp.jpg)
    ![tp.jpg_thumb](/public/_imported_attachments_/1/tp.jpg_thumb)