Have no idea where this goes but it's DMZ related.



  • Hi… I suck at setting up DMZ, Firewall Rules and NAT.

    Please help me, actually kill me now.

    I've had it with pfsense and its retarded setup.

    Short story
    Dlink Router + Lightning = fried.
    No money + old pc + router distro. = free router.
    Deaf Parents + Sorenson VP200 Video Phone + pfsense = my head exploding.

    btw if you don't know what a videophone is here's a link...
    http://www.sorensonvrs.com/apply/vp200.php

    VP200 requires a DMZ or ports to be forwarded.

    In the NAT firewall I've forwarded ports 15328-15339 plus 1720 for incoming. The manual says to forward 1024-65535 for outbound, which overlaps with the incoming ports.

    When I make an outgoing call, there's no feed; the connection completes but no video feed. When I get an incoming call, the connection completes and we both have video feed.

    Basically I want to set up a DMZ.

    I have set up three network cards in an old 866 MHz machine.

    N1:Wan
    N2: 192.168.0.0/24
    N3: 172.16.0.0/24

    Followed this monowall guide and have ripped my hair out because it's not working as intended.

    
    DMZnet firewall rules
            Prot  S        Port  DEST.     Port  Gateway
    Block   *     *        *     LAN net   *     *
    Pass    *     DMZ net  *     !LAN net  *     *
    
    

    I don't know what else to do. What am I doing wrong?
    Is there any way I could just disable the firewall only on 172.16.0.0/24 and be done with it?

    ~Mp


  • Banned

    Why not 1:1 NAT to the videobox???



  • Try disabling outbound NAT too, as the devices may be trying to use adjacent/inferred port numbers.



  • How do I do 1:1? I've attempted this before and failed because I didn't understand the documentation.
    The outbound I don't fully understand how it works or how to set it up.

    I'll do anything, I really need this video phone back in service asap.



  • I am also having issues with the Sorenson VP-200 and pfSense.

    The issues are the same as Mad Professor described.

    Port forwarding to the VP-200:
    1720, 15328-15348 TCP/UDP

    Two ifaces: WAN & LAN
    LAN is 10.0.0.0/16


  • Banned

    Have you tried 1:1 NAT??



  • 1. I think it is important whether the remote phone is behind a firewall or not.
    2. tcpdump would definitely help.
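
One way to act on the tcpdump suggestion, as an added example that is not part of the original thread: capture UDP on the phone-side interface and on WAN at the same time (for instance `tcpdump -n -i <interface> udp`), then compare the two captures to see whether outbound NAT rewrote the phone's source ports. The IP addresses, the sample capture lines and the function names below are constructed for illustration.

```python
import re
from collections import defaultdict

# Shape of a "tcpdump -n" UDP line:
#   <time> IP <src>.<sport> > <dst>.<dport>: UDP, length N
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP"
)

def flows(capture, src_ip):
    """Map (dst_ip, dst_port) -> set of source ports for UDP sent by src_ip."""
    out = defaultdict(set)
    for line in capture.splitlines():
        m = LINE.search(line)
        if m and m.group(1) == src_ip:
            out[(m.group(3), int(m.group(4)))].add(int(m.group(2)))
    return out

def rewritten_ports(inside, outside, phone_ip, wan_ip):
    """Flows whose source port differs between the inside and WAN captures."""
    lan, wan = flows(inside, phone_ip), flows(outside, wan_ip)
    report = []
    for dest, lan_ports in sorted(lan.items()):
        wan_ports = wan.get(dest, set())
        if wan_ports and lan_ports != wan_ports:
            report.append((dest, sorted(lan_ports), sorted(wan_ports)))
    return report

# Constructed sample captures (assumed phone 172.16.0.10, assumed WAN 203.0.113.7).
INSIDE = """\
12:00:01.000001 IP 172.16.0.10.15330 > 198.51.100.20.15332: UDP, length 172
12:00:01.020001 IP 172.16.0.10.15330 > 198.51.100.20.15332: UDP, length 172
12:00:01.030001 IP 172.16.0.10.15331 > 198.51.100.20.15333: UDP, length 60
"""
OUTSIDE = """\
12:00:01.000101 IP 203.0.113.7.40211 > 198.51.100.20.15332: UDP, length 172
12:00:01.020101 IP 203.0.113.7.40211 > 198.51.100.20.15332: UDP, length 172
12:00:01.030101 IP 203.0.113.7.15331 > 198.51.100.20.15333: UDP, length 60
"""

if __name__ == "__main__":
    for dest, lan_p, wan_p in rewritten_ports(INSIDE, OUTSIDE,
                                              "172.16.0.10", "203.0.113.7"):
        print(f"to {dest[0]}:{dest[1]}  phone sent from {lan_p}, WAN shows {wan_p}")
```

If the WAN-side source ports differ from what the phone used, the firewall is rewriting them on the way out, which is the behaviour the outbound NAT suggestion in the thread is aimed at.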

