Trixbox + NAT reflection
-
I have a trixbox server up and I am trying to register my trunk to a SIP provider. I got it to work yesterday and now today it stopped talking to the provider (and yes, the provider is available).
My network
public ip -> pfsense box -> (nat reflection) -> trixbox (asterisk) voip
The ports I am reflecting are:
TCP/UDP 5060
UDP 5061 - 5082
UDP 10000 - 20000
Also, under advanced NAT I have static ports set to yes.
In the error logs I get:
php: : Not installing nat reflection rules for a port range > 500
On my trixbox (like I said, yesterday it registered but..) today it says unreachable.
Anyway, ideas?
-
Also, I had a question on port 53 (DNS).
I just noticed in the logs that my VoIP provider is trying to send info on port 53 to my public IP.
Do I need a NAT redirect for 53 to my VoIP server? Seems kind of odd that it needs DNS access on the trixbox?
-
What's really strange is that after taking off the 10000 - 20000 UDP NAT forward and firewall rules, along with the 5060 forward and firewall rule, the trunk registered and everything is good to go... Really strange, I wonder how it is getting through the firewall?
-
Did you read the notes on NAT reflection?
You cannot reflect ranges larger than 500 and you cannot reflect more than 1000 ports. Your range 10000-20000 violates both those rules and thus the reflections never started.
If you read the log you can see the message that the NAT reflection didn't start because these rules have been violated.
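
An added example, not part of the reply above and not pfSense's own code: a small Python check that applies the two limits as the reply states them (no range larger than 500, no more than 1000 reflected ports) to the forwards listed in the first post. The function names, the evaluation order and the way a TCP/UDP rule is counted are assumptions made for illustration.

```python
import re

MAX_RANGE = 500   # largest single range that is reflected, per the reply
MAX_TOTAL = 1000  # most ports reflected overall, per the reply

# Forwards listed in the first post of the thread.
FORWARDS = ["TCP/UDP 5060", "UDP 5061 - 5082", "UDP 10000 - 20000"]

SPEC = re.compile(r"\s*([A-Za-z/]+)\s+(\d+)(?:\s*-\s*(\d+))?\s*")


def parse_forward(spec):
    """Parse 'UDP 5061 - 5082' into ('UDP', 5061, 5082)."""
    m = SPEC.fullmatch(spec)
    if not m:
        raise ValueError(f"unrecognised forward: {spec!r}")
    lo = int(m.group(2))
    hi = int(m.group(3)) if m.group(3) else lo
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range in {spec!r}")
    return m.group(1).upper(), lo, hi


def check_reflection(specs):
    """Return (spec, port_count, reflected, reason) for each forward.

    Assumption: a rule counts its port numbers once, whatever the protocol,
    and rules are evaluated in the order given.
    """
    results, total = [], 0
    for spec in specs:
        _, lo, hi = parse_forward(spec)
        count = hi - lo + 1
        if count > MAX_RANGE:
            results.append((spec, count, False, f"range > {MAX_RANGE}"))
        elif total + count > MAX_TOTAL:
            results.append((spec, count, False, f"total > {MAX_TOTAL}"))
        else:
            total += count
            results.append((spec, count, True, "ok"))
    return results


if __name__ == "__main__":
    for spec, count, reflected, reason in check_reflection(FORWARDS):
        state = "reflected" if reflected else "NOT reflected"
        print(f"{spec:<20} {count:>6} ports  {state} ({reason})")
```
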
-
That's what I figured, I just hoped there was a way around it...
-
Ah sorry. Didn't read your first post right... :-\
Well, a workaround is to set up split DNS.
(Or better said, this would be the "proper" way to set this up. NAT reflection is kind of an ugly hack.)
Of course this will only work if you access by a name and not by IP directly.
-
http://forum.pfsense.org/index.php/topic,17728.0.html
Would this work?