WiFi Calling - RTP ports and firewall settings
-
Hi there everyone. I'm new to the forum, thank you for having me. I have a situation where a small business I manage has about 20+ employees that rely on WiFi Calling due to bad cell signal in the building. I upgraded them from a UDMPro to a Netgate 6100 and since then they all complain about dropped calls, no audio on calls, etc. on the cell phones. I assume it's due to firewall settings. I've already changed the Firewall & NAT to "conservative" and UDP Multiple to 900. It's better but still experiencing call issues.
I've read to forward ports 4500, 500 but then I would have to make static maps for 20 or more cell phones. As I'm new to pfSense, could anyone maybe give a little advice on the correct way to set up a port forward for 4500 and 500 to all devices on the network?
Thank you for the help.
james
-
@McDx What settings do you have for DNS on clients? WiFi calling uses DNS for geolocation and it could be so that resolver mode messes things up? So setting the DNS for the phones (in your DHCP server) to e.g. Google or Cloudflare perhaps? 8.8.8.8 or 1.1.1.1?
-
@McDx said in WiFi Calling - RTP ports and firewall settings:
I've read to forward ports 4500, 500 but then I would have to make static maps for 20 or more cell phones. As I'm new to pfSense, could anyone maybe give a little advice on the correct way to set up a port forward for 4500 and 500 to all devices on the network?
No need to forward these ports.
Simply add a firewall rule on the WiFi network for outgoing UDP ports 500 and 4500 and that's it;
it has worked here for years now without issue.
-
@slu Why do you need a rule for outgoing ports? That should "just work" like any port 80 or 443 even with multiple clients using those ports, that's what masquerade is for.
-
In our firewall only ports 80 and 443 are open outgoing (also a rule), but for the WiFi calls you need these other ports.
If you already allow everything outgoing, no other rules are needed.
-
@slu Yes, exactly, if you have not changed anything in pfSense you have your default Allow LAN to any rule, unless you have removed that...
Usually this rule is at the very bottom of the rules list under LAN...