Local PBX and PFsense Firewall NAT



  • Hi,

    I have followed a guide on youtube for setting up NAT for freePBX.

    https://www.slideshare.net/NetgateUSA/firewall-best-practices-for-voip-on-pfsense-pfsense-hangout-october-2017

    I have tried option Port Forward with Outbound rule and 1:1 method.

    My settings are like this
    a7e7c4e9-1fd2-4801-84a4-70332bcf93f6-image.png

    I have Internal PBX - 10.10.10.5 and there is a route to firewall LAN interface and vice versa.
    External gateway IP from ISP is 217.xxx.xxx.xxx and the SIP Channel IP is 88.xxx.xxx.xxx

    Then I have WAN Rule open all the UDP traffic as below. (I have opened all the UDP Traffic to test. I know I will cut it down once it's working.)

    2d8eadd1-3b0a-4f85-b5c2-27180a8a6bcd-image.png

    When I make a call external I get No Traffic in state.

    b8c43707-e121-45d9-b3f7-074b6f2da174-image.png

    Then I create a LAN rule as below.

    47c4f179-198b-4acc-a902-05b2b51eb9b4-image.png

    Results

    f14116f6-8539-4c7d-b822-1da9dbc47dea-image.png

    I have tried the option port forward + Outbound rule with static IP. It's the same results.

    I have changed the Firewall Optimization Option to Conservative and NAT Reflection mode for port forwards PureNAT.

    Please Please Please if anyone has any idea please share it with me.

    Thanks in advance. :)



  • Appreciate if anyone has done this and can share the knowledge with me please.

    :)

    Thanks



  • Delete all the rules above and create a port forwarding rule:

    Everything that hits the external interface's IP on port 5060 is forwarded to the PBX on 5060.

    This should give you the main connection. Then check the udp port range the PBX uses for actual communication (RTP).

    Forward those ports as well from external IP to the PBX.

    If the RTP ports cannot be nailed down to reside in a certain range, check if the PBX can use a STUN server and if your provider offers one. If so, the PBX connects to the STUN server, does a handshake when it comes to ports and then uses those ports on the firewall (punches holes in the state table for said udp ports) and keeps them open and alive.
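
The forwarding described in the reply above, written out as pf rules. This is an added example, not part of the original posts and not output taken from the poster's firewall. The interface name `em0`, the placeholder WAN address `203.0.113.10` and the RTP range 10000-20000 are assumptions; 10.10.10.5 is the PBX address from the question.

```conf
# Constructed values (assumptions): WAN interface name, placeholder WAN
# address, and the RTP range, which must match what the PBX is set to use.
wan_if = "em0"
wan_ip = "203.0.113.10"
pbx    = "10.10.10.5"

# Outbound NAT for the PBX with static-port, so the source port of SIP and
# RTP packets is not rewritten on the way out (the "Outbound rule" option
# mentioned in the question).
nat on $wan_if inet from $pbx to any -> $wan_ip static-port

# Port forward 1: SIP signalling on UDP 5060 goes to the PBX.
rdr on $wan_if inet proto udp from any to $wan_ip port 5060 -> $pbx port 5060

# Port forward 2: the RTP media range goes to the PBX, ports unchanged.
rdr on $wan_if inet proto udp from any to $wan_ip port 10000:20000 -> $pbx

# Filter rules. rdr is applied before filtering, so these match on the
# translated (internal) destination address. Only these two port ranges are
# passed, instead of a WAN rule that opens all UDP. Once calls work, "from any"
# can be narrowed to the SIP provider's address.
pass in quick on $wan_if inet proto udp from any to $pbx port 5060 keep state
pass in quick on $wan_if inet proto udp from any to $pbx port 10000:20000 keep state
```

On pfSense these rules are created through the Port Forward, Outbound NAT and WAN rule pages rather than typed by hand; the fragment only shows what the combined result should amount to.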

