Setup NAT for VOIPMuch
-
I ordered a VOIP home phone from VOIP Much. But the box couldn't register properly. But finally I made it working. Here is the following steps in case someone needs it.
My router has 4 ports, I used port 1 for WAN, and created a bridge BR0 with port 2, 3, and 4. Then setup a DHCP server on BR0.
- Call VOIP Much customer service ask them to use fixed UDP port. By default it's dynamic. They set it to 45060 for me.
- Go to pfSense Firewall -> NAT -> Outbound, then add 2 mappings for UDP as below.
Hope this can help you if you have same issue.
-
@lcbdl said in Setup NAT for VOIPMuch:
and created a bridge BR0 with port 2, 3, and 4. Then setup a DHCP server on BR0.
Hi,
Well, so ???
More serious SIP providers do not need this, for example...Due to the nature of SIP + NAT:
F.E.: https://voipstudio.com/blog/sip-nat-traversal/the other steps are unnecessary and dangerous, just look at this:
udp/ 10000:20000
if you manage a lot of VoIP devices, maybe a SIP proxy, but these days it’s not relevant either
+++edit:
everyone would use the 5060 if it weren’t for a world full of fake calls -
I think i have 10+ diferent brands of SIP phones at job , all using an external SIP Server.
I never had to create a bridge interface, or make wan (inbound) permisions for SIP.You might have to "tune" the sip register/re-register period (on the phone) to be lower than your firewall TCP/UDP timeout , else you cant receive calls , when the state is purged.
I'd never do the above.
/Bingo
-
-
Mmm, those outbound NAT rules are doing nothing different to the default since none are set to use static source ports.
Except they have source set to 'any' which is a bad idea since it includes traffic from the firewall itself. It will probably break IPSec for example.Steve
-
This post is deleted! -
Yeah, pretty sure the bridge here is just across the internal ports so they can be used as one subnet.
-
Thank you for the replying. Actually I am a software developer, not a professional network guy. Please correct me if I am wrong.
I setup the bridge is not for the VOIP. I just want to make it simple for my home network. The bridge makes port 2, 3, and 4 behave like an internal switch. So that I have 2 APs, and one VOIP box in the same subnet.
I talked to my VOIP provider, udp/ 10000:20000 is required to the voice. That is needed in my situation. I won't hear anything if I don't have this rule.
-
Mmm, OK reviewing that I guess that even though you have not set static source ports specifically you have set the source port to match and the translated source port to the same value which will effectively make it static.
That's the wrong way to do it though. Setting the source IP as any will catch traffic that should not be NAT'd and break things.
You should set OBN to hybrid mode and then add one rule only with the source IP as the internal phone and static source set.
Steve
