Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Nat on internal interfaces (voip problem)

    Scheduled Pinned Locked Moved NAT
    1 Posts 1 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      geom
      last edited by

      Is nat active on 'private' interfaces?

      I ask because I have run into a situation with a voip setup that is baffling me.  Below is the layout:

      WAN1–-         ---TrixBox/OtherServers  (10.0.0.0/24)
                |        |
                -PFSense
                |        |
      WAN2---         ---Phones/OtherClient Comps (10.1.0.0/24)

      When I place a phone in the same network as the TrixBox it can dial out and get to VM and everything.  However when I try the same thing with a phone in the other network as shown it can't dial any other extensions or outbound.  The phone has clearly connected to the Trixbox though as it has all the display data that would be missing if it could not.  A phone in the Trixbox network can dial extensions in the 10.1.0.0/24 network but not get any audio returned.

      The rules on the firewall are allow any port/protocol coming from the phone/client net to the server net with the 'default' gateway selected, and vice versa on the server net interface.  There is a dual wan setup rule as well that directs all other traffic from the 10.1.0.0/24 net out an LB interface.  On the Server side there is a rule just forcing traffic out the WAN1 interface.  The Trixbox gets SIP trunks from the Internet and rules for that are placed on WAN1

      The Nat config is that the Trixbox is setup with a 1:1 NAT to WAN1.  The 10.1.0.0/24 net has translations outbound for both the WAN1 and WAN2, with WAN2 preferred in the LB.

      All other client traffic seems to work fine except this voip.  I'm starting to suspect that somehow the sip port is getting rewritten (as I have seen on other messages regarding connections to the internet), but I don't know if NAT is enabled on all interfaces for all traffic.

      Can anyone shed some light on what I may be doing wrong or suggest a configuration tweak?

      Thanks.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.