Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Setup NAT for VOIPMuch

    Scheduled Pinned Locked Moved General pfSense Questions
    9 Posts 4 Posters 782 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L Offline
      lcbdl
      last edited by stephenw10

      I ordered a VOIP home phone from VOIP Much. But the box couldn't register properly. But finally I made it working. Here is the following steps in case someone needs it.

      My router has 4 ports, I used port 1 for WAN, and created a bridge BR0 with port 2, 3, and 4. Then setup a DHCP server on BR0.

      1. Call VOIP Much customer service ask them to use fixed UDP port. By default it's dynamic. They set it to 45060 for me.
      2. Go to pfSense Firewall -> NAT -> Outbound, then add 2 mappings for UDP as below.
        Screen Shot 2020-11-28 at 12.29.30 PM.png

      Hope this can help you if you have same issue.

      DaddyGoD 1 Reply Last reply Reply Quote 0
      • DaddyGoD Offline
        DaddyGo @lcbdl
        last edited by DaddyGo

        @lcbdl said in Setup NAT for VOIPMuch:

        and created a bridge BR0 with port 2, 3, and 4. Then setup a DHCP server on BR0.

        Hi,

        Well, so ???
        More serious SIP providers do not need this, for example...

        Due to the nature of SIP + NAT:
        F.E.: https://voipstudio.com/blog/sip-nat-traversal/

        the other steps are unnecessary and dangerous, just look at this:

        udp/ 10000:20000

        if you manage a lot of VoIP devices, maybe a SIP proxy, but these days it’s not relevant either 😉

        +++edit:
        everyone would use the 5060 if it weren’t for a world full of fake calls

        Cats bury it so they can't see it!
        (You know what I mean if you have a cat)

        1 Reply Last reply Reply Quote 0
        • bingo600B Offline
          bingo600
          last edited by bingo600

          I think i have 10+ diferent brands of SIP phones at job , all using an external SIP Server.
          I never had to create a bridge interface, or make wan (inbound) permisions for SIP.

          You might have to "tune" the sip register/re-register period (on the phone) to be lower than your firewall TCP/UDP timeout , else you cant receive calls , when the state is purged.

          I'd never do the above.

          /Bingo

          DaddyGoD 1 Reply Last reply Reply Quote 0
          • DaddyGoD Offline
            DaddyGo @bingo600
            last edited by

            @bingo600 said in Setup NAT for VOIPMuch:

            I'd never do the above.

            Thank you very much 😉

            Cats bury it so they can't see it!
            (You know what I mean if you have a cat)

            1 Reply Last reply Reply Quote 0
            • stephenw10S Offline
              stephenw10 Netgate Administrator
              last edited by

              Mmm, those outbound NAT rules are doing nothing different to the default since none are set to use static source ports.
              Except they have source set to 'any' which is a bad idea since it includes traffic from the firewall itself. It will probably break IPSec for example.

              Steve

              bingo600B 1 Reply Last reply Reply Quote 0
              • bingo600B Offline
                bingo600 @stephenw10
                last edited by

                This post is deleted!
                1 Reply Last reply Reply Quote 0
                • stephenw10S Offline
                  stephenw10 Netgate Administrator
                  last edited by

                  Yeah, pretty sure the bridge here is just across the internal ports so they can be used as one subnet.

                  1 Reply Last reply Reply Quote 1
                  • L Offline
                    lcbdl
                    last edited by

                    Thank you for the replying. Actually I am a software developer, not a professional network guy. Please correct me if I am wrong.

                    I setup the bridge is not for the VOIP. I just want to make it simple for my home network. The bridge makes port 2, 3, and 4 behave like an internal switch. So that I have 2 APs, and one VOIP box in the same subnet.

                    I talked to my VOIP provider, udp/ 10000:20000 is required to the voice. That is needed in my situation. I won't hear anything if I don't have this rule.

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S Offline
                      stephenw10 Netgate Administrator
                      last edited by

                      Mmm, OK reviewing that I guess that even though you have not set static source ports specifically you have set the source port to match and the translated source port to the same value which will effectively make it static.

                      That's the wrong way to do it though. Setting the source IP as any will catch traffic that should not be NAT'd and break things.

                      You should set OBN to hybrid mode and then add one rule only with the source IP as the internal phone and static source set.

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.