Need a little help with some NAT rules (1:1 NAT or outbound rules)
-
Hi all,
I'm usually pretty good with networking but NAT is where I fall a little bit short.
Long story short, I have a PBX server running on the LAN which needs to authenticate with a SIP server on the Internet. Annoyingly, this server expects a very specific source port for all incoming requests. After running a couple of packet captures on both the LAN and WAN side, I can see the PBX reaching out with source port 5065 and destination port 5060, which is correct. However, once this is translated through NAT and is on the WAN interface, it has changed to a random source port, with the correct destination port of 5060.
Not knowing exactly what to do here, I believe I need to create an outbound NAT rule or 1:1 NAT rule so that all requests coming from the PBX server with source port 5065 leave the WAN interface with the same source port.
How would I go about doing this?
Thanks for your help in advance.
-
@tobywhiting10
You need to add an outbound NAT rule for the PBX. If the outbound NAT is in automatic mode (default), switch to hybrid mode and save this.
Then add a rule:
interface: WAN
source: IP of the PBX
source port: 5065
destination: SIP server's IP
translation address: interface address
port or range: static port checked
-
@viragomann Thanks for the quick reply
Some of the options available do not match the ones you specified.
I take it the rule I am to create is a static mapping? For the source, it wants me to specify an entire network or the firewall itself; putting in the subnet the PBX is on did not appear to work.
Also, I do not know the specific SIP server IP address, just a URL. Not sure whether this is a problem, but selecting any did also not appear to work.
-
@tobywhiting10
The destination port is wrong. To specify a single IP, select a /32 mask.
Using any at destination might be sufficient, because you limit the destination port and this one might only be used for SIP.
However, if you want to limit the address also, you can add an alias using the host name. Then enter this alias into the destination field and set a /32 mask.
-
@viragomann Thanks, that's got this working now
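
The rule the thread settles on, sketched in pf.conf syntax as an added example (it is not from any post above). It assumes a pf-based firewall; the interface name, the addresses (documentation ranges) and the UDP transport are made up for illustration.

```pf
# --- constructed values, replace with your own ---
ext_if  = "em0"              # assumed WAN interface name
lan_net = "192.168.1.0/24"   # assumed LAN subnet
pbx     = "192.168.1.10"     # assumed PBX address; a single host, i.e. a /32

# The provider is only known by host name in the thread. A table filled
# from the resolved address plays the role of the host-name alias.
table <sip_provider> persist { 198.51.100.20 }

# Translation rules are first-match, so the narrow rule must come before
# the general one. static-port keeps the original source port (5065)
# instead of letting NAT pick a new one.
nat on $ext_if inet proto udp from $pbx port 5065 \
    to <sip_provider> port 5060 -> ($ext_if) static-port

# General outbound NAT for everything else on the LAN. Without
# static-port the source port is rewritten, which is the behaviour seen
# in the WAN-side capture in the first post.
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Checks:
#   pfctl -nf /etc/pf.conf   parse the ruleset without loading it
#   pfctl -s nat             list the loaded translation rules
#   pfctl -s state           the PBX state should show :5065 on both sides
```

Keeping the match this narrow (one source host, one source port, one destination) limits static-port to the single flow that needs it; every other connection keeps the default source-port rewriting.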