Have no idea where this goes but it's DMZ related.

  • Hi… I suck at setting up DMZ, Firewall Rules and NAT.

    Please help me, actually kill me now.

    I've had it with pfsense and its retarded setup.

    Short story
    Dlink Router + Lightning = fried.
    No money + old pc + router distro = free router.
    Deaf Parents + Sorenson VP200 Video Phone + pfsense = my head exploding.

    btw if you don't know what a videophone is here's a link...

    VP200 requires a DMZ or ports to be forwarded.

    In the NAT firewall I've forwarded ports 15328-15339 plus 1720 for incoming. The manual says to forward 1024-65535 for outbound, which overlaps with the incoming ports.

    When I make an outgoing call, there's no feed; the connection completes but no video feed. When I get an incoming call, the connection completes and we both have video feed.

    Basically I want to set up a DMZ.

    I have set up three network cards in an old 866 MHz machine.


    Followed this monowall guide and have ripped my hair out because it's not working as intended.

    DMZnet firewall rules
    Block--*--------*-------------*------LAN net--------*---------* 
    Pass---*----DMZ net-----------*-----!LAN net-------*----------*

    I don't know what else to do. What am I doing wrong?
    Is there any way I could just disable the firewall only on and be done with it?


  • Why not 1:1 NAT to the videobox???

  • Try disabling outbound NAT too, as the devices may be trying to use adjacent/inferred port numbers.

  • How do I do 1:1? I've attempted this before and failed because I didn't understand the documentation.
    The outbound I don't fully understand how it works or how to set it up.

    I'd do anything; I really need this video phone back in service ASAP.

  • I am also having issues with the Sorenson VP-200 and pfSense.

    The issues are the same as Mad Professor described.

    Port forwarding to the VP-200:
    1720, 15328-15348 TCP/UDP

    Two ifaces: WAN & LAN
    LAN is

  • Have you tried 1:1 NAT??

  • 1. I think it is important whether the remote phone is behind a firewall or not.
    2. tcpdump would definitely help.