Outgoing NAT Rule for pfSense, FreePBX, and Flowroute
-
Hello, I'm new to both the community and pfSense. Recently I put together my first pfSense router. The build, installation, and initial configuration were fairly easy. I'm also running both FreeNAS and FreePBX servers in my network. Somehow everything was playing nice right out of the box. I'm not sure if pfSense auto-detected my VoIP server, but after assigning static IPs to phones and minor configurations to my VoIP server everything was working well (I didn't need to configure any incoming or outgoing ports, everything just worked). I had a small problem after Flowroute (trunk provider) emailed me and let me know that I had to change over to new server IPs. I went ahead and made the switch. Upon completing the configuration and restarting everything I was able to dial out and receive calls, but no voice could be heard on either end. From my limited experience I kinda figured it had something to do with opening ports on NAT (I had to do that on my old ASUS router).
I went ahead and started researching and ran across different articles where people were having issues. I ran into a YouTube video along with some instructions on how to configure NAT for a VoIP PBX. Links below:
https://docs.netgate.com/pfsense/en/latest/nat/configuring-nat-for-a-voip-pbx.html
https://youtu.be/C0JgrzxXIBY
I followed the instructions very closely. Upon completing the configuration my VoIP server stopped making contact with the trunk. I went ahead and deleted all of those rules I initially created (I probably goofed something up) and followed this set of instructions that comes directly from Flowroute:
https://support.flowroute.com/customer/portal/articles/1852969-pfsense-firewall-configuration
After completing the configuration of the Firewall/NAT/Outbound on manual mode, the VoIP server started working perfectly fine. I did notice that on the configuration entry called "Source" the documentation states to put in the IP address of the VoIP server (I do have it on a static address), but after submitting the configuration, the "Source" entry IP changes to 192.168.5.0 instead of my VoIP server's static address of 192.168.5.254.
Also, if I put Flowroute's server IP (34.210.91.112) on "Destination" or add the ports (5060 is what needs to be open) on the "Port or Range" field, the VoIP still connects and it both places and receives calls, but fails to send or receive voice signal.
Like I said, I'm new to using pfSense. I would like to know if there are any security risks associated with leaving the outbound entry as is configured by Flowroute's instructions, or should I be looking to configure something else?
I'm also running SNORT and have the FreePBX firewall configured. I've stopped them both while making those configurations and started them back up after completing the configurations. Everything seems to be running well, I just don't know if there is a security risk involved.
I don’t have anything configured or listed in the Port Forward, 1:1 tabs. Only in Outbound.
Thank you.
-
@Mynorx As you said, things were working fine until you changed the trunk server IP.
In general, if you have FreePBX being registered, this also maintains states and there isn't much to configure (unless you also need QoS, but that's something to take care of at a later stage).
No, there is no security issue involved with outbound NAT.
It's a good idea to disable the FreePBX firewall unless you also have internal threats to consider.
(The FreePBX firewall is designed to protect the product living on the wild internet.)
At least stop it while you are investigating. Makes life easier.
Since you are having issues with RTP, try port forwarding the RTP range configured on FreePBX from the internet-facing interface to your host's internal IP.
Then go to Diagnostics > States and type the IP of FreePBX and see if you have relevant states. Also use the trunk IP and see what happens.
pfSense works nicely with FreePBX in many production environments.
P.S. Do post your rules, there shouldn't be any discrepancies with the IPs you mention.
You are probably doing something wrong...
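
The state check suggested in the reply above can also be run over saved state-table text; this is an added example, not part of the thread. It assumes WAN-side state lines in the layout printed by `pfctl -ss`, a constructed sample, a placeholder WAN address (203.0.113.10) and interface name (em0), an assumed RTP range of 10000-20000, and a hypothetical helper named `pbx_states`.

```python
import re

# Constructed sample in the text layout of `pfctl -ss` (not captured from a real
# firewall). 203.0.113.10 is a placeholder WAN address; 192.168.5.254 and
# 34.210.91.112 are the PBX and trunk addresses mentioned in the thread.
SAMPLE_STATES = """\
em0 udp 203.0.113.10:5060 (192.168.5.254:5060) -> 34.210.91.112:5060       MULTIPLE:MULTIPLE
em0 udp 203.0.113.10:41822 (192.168.5.254:14002) -> 34.210.91.112:18344       SINGLE:NO_TRAFFIC
em0 tcp 203.0.113.10:51544 (192.168.5.20:51544) -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
"""

# iface proto wan_ip:port (lan_ip:port) -> dst_ip:port src_state:dst_state
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<wan_ip>[\d.]+):(?P<wan_port>\d+)\s+"
    r"\((?P<lan_ip>[\d.]+):(?P<lan_port>\d+)\)\s+->\s+"
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)\s+(?P<src_state>\w+):(?P<dst_state>\w+)$"
)

def pbx_states(text, pbx_ip, trunk_ip, sip_port=5060, rtp_range=(10000, 20000)):
    """Return one summary dict per NATed UDP state between the PBX and the trunk."""
    found = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m or m["proto"] != "udp":
            continue
        if m["lan_ip"] != pbx_ip or m["dst_ip"] != trunk_ip:
            continue
        lan_port = int(m["lan_port"])
        if lan_port == sip_port:
            kind = "sip"
        elif rtp_range[0] <= lan_port <= rtp_range[1]:
            kind = "rtp"  # assumed RTP range; use the one configured on the PBX
        else:
            kind = "other"
        found.append({
            "kind": kind,
            "lan_port": lan_port,
            "wan_port": int(m["wan_port"]),
            # The outbound NAT rule changed the source port if these differ.
            "port_rewritten": lan_port != int(m["wan_port"]),
            # pf marks a UDP peer NO_TRAFFIC until a packet from it is seen.
            "reply_seen": m["dst_state"] != "NO_TRAFFIC",
        })
    return found

if __name__ == "__main__":
    for state in pbx_states(SAMPLE_STATES, "192.168.5.254", "34.210.91.112"):
        print(state)
```

A `sip` state with `reply_seen` true next to an `rtp` state with `reply_seen` false matches the symptom in the thread: calls connect but no audio flows.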