Nat on internal interfaces (voip problem)



  • Is nat active on 'private' interfaces?

    I ask because I have run into a situation with a voip setup that is baffling me.  Below is the layout:

    WAN1–-         ---TrixBox/OtherServers  (10.0.0.0/24)
              |        |
              -PFSense
              |        |
    WAN2---         ---Phones/OtherClient Comps (10.1.0.0/24)

    When I place a phone in the same network as the TrixBox it can dial out and get to VM and everything.  However when I try the same thing with a phone in the other network as shown it can't dial any other extensions or outbound.  The phone has clearly connected to the Trixbox though as it has all the display data that would be missing if it could not.  A phone in the Trixbox network can dial extensions in the 10.1.0.0/24 network but not get any audio returned.

    The rules on the firewall are allow any port/protocol coming from the phone/client net to the server net with the 'default' gateway selected, and vice versa on the server net interface.  There is a dual wan setup rule as well that directs all other traffic from the 10.1.0.0/24 net out an LB interface.  On the Server side there is a rule just forcing traffic out the WAN1 interface.  The Trixbox gets SIP trunks from the Internet and rules for that are placed on WAN1

    The Nat config is that the Trixbox is setup with a 1:1 NAT to WAN1.  The 10.1.0.0/24 net has translations outbound for both the WAN1 and WAN2, with WAN2 preferred in the LB.

    All other client traffic seems to work fine except this voip.  I'm starting to suspect that somehow the sip port is getting rewritten (as I have seen on other messages regarding connections to the internet), but I don't know if NAT is enabled on all interfaces for all traffic.

    Can anyone shed some light on what I may be doing wrong or suggest a configuration tweak?

    Thanks.


Log in to reply