NAT / PAT config for Flowroute SIP
I'm having some trouble with inbound calls on Flowroute. During initial testing I used SIP registration routing for inbound calls. A few basic tests succeeded but at some point yesterday, inbound calls stopped working. Flowroute support suggested changing the Firewall Optimization Options setting (System > Advanced > Firewall & NAT) to Conservative. Even after rebooting pfSense, this made no difference. We have a few DIDs anyway, and I wanted more control over inbound call routing, so I changed my configuration to host routing for inbound calls. We have a Cisco Linksys SPA8000 ata behind (inside) pfSense. From what I've read, I think our inbound and outbound NAT/PAT rules and firewall rules should be sufficient to get SIP and RTP working with the SPA8000, but inbound calls still aren't working. I also temporarily changed inbound NAT/firewall rules to a source of any, in case our alias for Flowroute networks isn't comprehensive. With two of our DIDs, I hear a busy signal/tone. For a third (toll free) DID, I hear ringing, then a message about the number being disconnected or no longer in service. Flowroute support says that SIP INVITE messages are being routed to us when I make a test call, but they aren't seeing any responses. Our Flowroute DID host route configuration looks like this (DID numbers and hostnames are fictional):
The relevant (I think) part of our pfSense config is attached.
The pfSense WAN interface (connected to an SB6190 cable modem) has a dynamic public IP from Comcast Business Class. No double NAT here. I also did a packet capture on WAN, while making a test inbound call. I saw nothing captured that seemed to be from Flowroute...
Edit: I changed the firewall rule destination for inbound SIP and RTP to the internal/private IP address of the SPA8000, to account for NAT processing. The destination had been set to the WAN address, as in the attached config file.
Your suggestions will be appreciated!
A tcpdump session on the VOIP interface (inside) shows the SPA8000 is responding to inbound call attempts with "SIP/2.0 410 Gone."
See attached dump.
Using Flowroute's host routing (no SIP registration / routing), I apparently needed to enable Ans Call Without Reg in the section Proxy and Registration on the SPA8000 trunks (on lines, if I were routing to individual lines) in question.
Inbound calls are now working as expected.