    Netgate Discussion Forum

    NAT for Multiple Asterisk Servers behind pfSense

    • S
      sinac last edited by

      Hi Guys,

      I just set up a fresh pfSense and two Asterisk servers for testing purposes. Both Asterisk servers are trunked to the same external VoIP provider. Now, depending on which Asterisk comes first, one of the systems will register and work over the trunk just fine while the other won't. If I use two different VoIP providers, one on each Asterisk, both can register. Taking a look at the traffic passing the pfSense WAN interface, it looks like the packets from the second Asterisk (the one which can't register) are not being NATed and are leaving the interface with their internal IP address. I assume this is because there is already an active NAT for [external-ip]:5060 pointing to the first Asterisk, is that correct? But then again, it should not make a difference whether I have two connections to the same VoIP provider or to two different providers. Maybe someone could give a bit of explanation here…

      So what would be the best way to get two or more Asterisk servers to work behind a pfSense firewall?

      Any help or suggestions appreciated!

      • D
        danswartz last edited by

        If the provider has more than one server, register each * box to a different one. If not, ask if they can use a different port number for one?

        • S
          sinac last edited by

          Thanks a lot for the answer. I thought about that, too, and tried to get pfSense to change the outgoing port of the second Asterisk from 5060 to 5070, as suggested in other forums. Unfortunately, I couldn't figure out how to do so using pfSense. In the meantime, I solved the problem using siproxd, which works fine.

          However, I still don't fully understand what the problem was, even though I'm quite experienced with NAT and firewalls. Maybe you or someone could explain?

          Best Regards.

          • D
            danswartz last edited by

            pfSense, I believe, does not rewrite the source port if it is 5060, so if two SIP entities behind the firewall try to talk to the same remote SIP server, the remote host will see two connections from the same source IP (pfSense) and port (5060), so return packets will not make it to the second Asterisk server. I intended to suggest trying siproxd but forgot :( Glad it is working now.

            • S
              sinac last edited by

              That does indeed make sense, thank you!

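The collision described in the thread, as an added example that is not part of the original posts and is not pfSense's own code: a simplified Python model of a source-NAT state table that, as danswartz's post assumes, keeps source port 5060 unchanged. The `SourceNat` class, the port pool and all addresses are constructed for illustration; the model assumes one state per (WAN port, remote IP, remote port), which is why two different providers do not collide while one shared provider does.

```python
# Simplified model of a source-NAT state table (illustration only, not pf's code).
# All addresses are constructed sample values.
PBX1, PBX2 = "192.168.1.10", "192.168.1.11"
PROVIDER_A, PROVIDER_B = "198.51.100.10", "198.51.100.20"
SIP_PORT = 5060


class SourceNat:
    def __init__(self, static_ports=(SIP_PORT,), pool_start=20000):
        self.static_ports = set(static_ports)   # source ports the NAT must not rewrite
        self.pool_start = pool_start            # first port tried when rewriting
        # One state per (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port).
        self.states = {}

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """Return the WAN source port chosen, or None if no unique state exists."""
        if lan_port in self.static_ports:
            candidates = [lan_port]             # static port: only one choice
        else:
            candidates = range(self.pool_start, 65536)
        for wan_port in candidates:
            key = (wan_port, remote_ip, remote_port)
            owner = self.states.setdefault(key, (lan_ip, lan_port))
            if owner == (lan_ip, lan_port):
                return wan_port
        return None                             # tuple already owned by another host

    def inbound(self, wan_port, remote_ip, remote_port):
        """Map a reply arriving on the WAN back to the internal host, if any."""
        return self.states.get((wan_port, remote_ip, remote_port))


def register_both(nat, provider_1, provider_2):
    """Both PBXs send a REGISTER from source port 5060; return their WAN ports."""
    return (nat.outbound(PBX1, SIP_PORT, provider_1, SIP_PORT),
            nat.outbound(PBX2, SIP_PORT, provider_2, SIP_PORT))


if __name__ == "__main__":
    print("static, same provider: ", register_both(SourceNat(), PROVIDER_A, PROVIDER_A))
    print("static, two providers: ", register_both(SourceNat(), PROVIDER_A, PROVIDER_B))
    print("rewrite, same provider:",
          register_both(SourceNat(static_ports=()), PROVIDER_A, PROVIDER_A))
```

A `None` result means the model could not create a unique translation for the second server, so replies from the provider can only be mapped back to the first one.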