Disable NAT Reflection - strange behaviour
If you are struggling with NAT reflection when playing with VOIP phones then you might consider this :
When you have the "Disable NAT Reflection" active (box checked) and you then un-check the box meaning that you are actually enabling the creation of reflection rules it
seems that those rules are NOT created for the existing Firewall / NAT / forwarding rules.
As such I needed to delete and recreate the firewall / NAT / forwarding rules and then those reflection rules are created for those newly created firewall / NAT / forwarding rules.
I confirmed this by having a :
- Disable NAT reflection checked
- a port forward rule for ssh to a port 4100
- ssh -p 4100 firstname.lastname@example.org to reach an internal server at imft.org via it's public (dynamic) DNS name did not work
then I unchecked the "Disable NAT reflection" option
ssh -p 4100 email@example.com still did not work
then I deleted the firewall/NAT forwarding rule for 4100
and recreated the exact same 4100
now ssh -p 4100 firstname.lastname@example.org works like a charm.
My conclusion on this is that simple unchecking the box next to "Disable NAT reflection" won't fix your problem unless you recreate the existing firewall/NAT rules.
Feel free to correct me, I'm just learning pfsense.
But I do have my asterisk server working in a DMZ network behind pfsense and SIPphones both inside on the production LAN and outside pfsense can connect nicely to the asterisk server.
The only thing missing is getting my wireless SIP phones working. These are on another pfsense network segment. (my blue if you have a ipcop background)