Trixbox + NAT reflection

  • I have a trixbox server up and I am trying to register my trunk to a SIP provider. I got it to work yesterday and now today it stopped talking to the provider (and yes, the provider is available).

    My network

    public ip -> pfsense box -> (nat reflection) -> trixbox (asterisk) voip

    The ports I am reflecting are:

    TCP/UDP   5060
    UDP 5061 - 5082
    UDP 10000 - 20000

    Also, under advanced NAT I have static ports set to yes.

    In the error logs I get:

    php: : Not installing nat reflection rules for a port range > 500

    On my trixbox (like I said, yesterday it registered, but...) today it says unreachable.

    Anyway, ideas?

  • Also, I had a question on port 53 (DNS).

    I just noticed in the logs that my VoIP provider is trying to send info on port 53 to my public IP.

    Do I need a NAT redirect for 53 to my VoIP server? Seems kind of odd that it needs DNS access on the trixbox?

  • What's really strange is that after taking off the 10000 - 20000 UDP NAT forward and firewall rules, along with the 5060 forward and firewall, the trunk registered and everything is good to go... Really strange. I wonder how it is getting through the firewall?

  • Did you read the notes on NAT reflection?
    You cannot reflect ranges larger than 500 and you cannot reflect more than 1000 ports.

    Your range 10000-20000 violates both those rules and thus the reflections never started.

    If you read the log you can see the message that the NAT reflection didn't start because these rules have been violated.
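
An added example, not part of any post in this thread and not pfSense's own code: a pre-flight check of the port forwards from the first post against the two limits quoted in the reply above (no range larger than 500, no more than 1000 reflected ports). It assumes a range's size is counted inclusively, a TCP/UDP forward counts its ports once, and forwards are handled in listed order; the second case goes beyond the thread to show that cutting a large range into 500-port pieces still hits the total cap.

```python
import re

MAX_RANGE = 500   # limit quoted in the reply: a range larger than this is not reflected
MAX_TOTAL = 1000  # limit quoted in the reply: no more than this many reflected ports

# Port forwards listed in the first post, as (protocol, port spec).
FORWARDS = [("TCP/UDP", "5060"), ("UDP", "5061-5082"), ("UDP", "10000-20000")]


def parse_ports(spec):
    """Parse '5060' or '5061 - 5082' into an inclusive (low, high) pair."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:-\s*(\d+))?\s*", spec)
    if not m:
        raise ValueError(f"bad port spec: {spec!r}")
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port range out of order or out of bounds: {spec!r}")
    return low, high


def check_reflection(forwards, max_range=MAX_RANGE, max_total=MAX_TOTAL):
    """Return (reflected, skipped, total_ports) for a list of port forwards.

    Assumptions (not taken from pfSense source): range size is inclusive,
    a TCP/UDP forward counts its ports once, forwards are handled in order.
    """
    reflected, skipped, total = [], [], 0
    for proto, spec in forwards:
        low, high = parse_ports(spec)
        size = high - low + 1
        if size > max_range:
            skipped.append((proto, spec, f"range of {size} ports > {max_range}"))
        elif total + size > max_total:
            skipped.append((proto, spec, f"total would exceed {max_total} ports"))
        else:
            total += size
            reflected.append((proto, spec))
    return reflected, skipped, total


if __name__ == "__main__":
    for label, fwds in (("first post", FORWARDS),
                        ("500-port pieces", [("UDP", f"{p}-{p + 499}")
                                             for p in range(10000, 11500, 500)])):
        reflected, skipped, total = check_reflection(fwds)
        print(f"{label}: {total} ports reflected")
        for proto, spec, reason in skipped:
            print(f"  not reflected: {proto} {spec} ({reason})")
```
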

  • That's what I figured, I just hoped there was a way around it…

  • Ah sorry. Didn't read your first post right...  :-\

    Well, a workaround is to set up split DNS.
    (Or better said this would be the "proper" way to set this up. NAT reflection is kind of an ugly hack)
    Of course this will only work if you access by a name and not by IP directly.
