Netgate Discussion Forum

    Outbound NAT for VOIP: switch from Manual to Hybrid?

      sgw

      At a customer they run a Netgate SG-1100 with pfsense-2.4.5p1: yes, the upgrade waits, because they are ~600kms away from me, and we all hesitate ;-)

      But the current question is:

      They got a new VOIP appliance (unify.com), and this one is placed in the subnet "TK" (separate interface/VLAN) with 2 IPs (= 2 boxes), 192.168.99.10 and .11

      These go out and talk to some upstream servers, as far as I understand, SIP-trunks.

      Normally I expected them to be allowed by some Allow-Rule on the TK-interface.

      Turns out I see packets blocked on the LAN interface, but with a source IP from the TK subnet! Why that?

      I found the Outbound NAT Rules running in "Manual Outbound NAT" mode, with some outdated rules in there. Cleaned up some, not yet fully happy. I currently allow that strange source IP out, but that doesn't seem correct to me.

      Now I found a PDF from a pfSense hangout; it recommends using "Hybrid Outbound NAT" mode. I'd like to follow that, but I don't want to break things ...

      Is toggling that in any way dangerous ... ? Is there a possibility to lose admin access from remote? There is no competent admin there, I have to be sure about my next steps here.

      Here is the current state:

      Bildschirmfoto-20210804154041-1443x1119.png

      LAN is 192.168.100.0/24, 192.168.80.0/24 is a GUEST LAN, 192.168.99.0/24 is the net for the VOIP appliances.

      I'd appreciate any guidance here. Thanks.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.