[Solved]how to NAT Asterisk behind pfsense

farrukhndm · Jun 5, 2010, 11:55 AM

I want publish Sip extension to remote users for that purpose i have NAT Given Address in Pfsense , When i register the xlite with pfsense Public ip 23.23.16.3,xlite shows,Registration error:408 Request time Out.

######System Status #############
udp 192.168.1.7:5060 <- 23.23.16.3:5060 <- 23.23.16.6:12721 NO_TRAFFIC:SINGLE
udp 23.23.16.6:12721 -> 192.16.1.7:5060 SINGLE:NO_TRAFFIC
udp 192.168.1.7:5060 <- 23.23.16.3:5060 <- 23.23.16.6:12722 NO_TRAFFIC:SINGLE
udp 23.23.16.6:12722 -> 192.168.1.7:5060 SINGLE:NO_TRAFFIC

Please acknowledged ,whats wrong behind the scene .

thanks

danswartz · Jun 1, 2010, 12:15 PM

Very hard to read in this format - screenshots would be easier. Are you sure the asterisk box has a default route pointing at the pfsense? Also, I note that you have overlapping rules (5004:5080) and (5060:5080)? Also seem to have confusion as to whether RTP is 10000:19999 or 10001:20000?

farrukhndm · Jun 2, 2010, 6:42 AM

I want publish Sip extension to remote users for that purpose i have NAT Given Address in Pfsense , When i register the xlite with pfsense Public ip 23.23.16.3,xlite shows,Registration error:408 Request time Out.

For Security reasons ,All IPs will be changed.
23.23.16.3=Pfsense
192.168.1.7=My Asterisk Server
23.23.16.6=Voip Clients s

Firewall ->NAT->Port forword

on Client when i lunch Xlite and it take long time in waiting during registration and says ,unable to authenticate. and pfsense System Status shows.
######System Status #############
udp 192.168.1.7:5060 <- 23.23.16.3:5060 <- 23.23.16.6:12721 NO_TRAFFIC:SINGLE
udp 23.23.16.6:12721 -> 192.16.1.7:5060 SINGLE:NO_TRAFFIC
udp 192.168.1.7:5060 <- 23.23.16.3:5060 <- 23.23.16.6:12722 NO_TRAFFIC:SINGLE
udp 23.23.16.6:12722 -> 192.168.1.7:5060 SINGLE:NO_TRAFFIC

For Testing Purpose i checked RDP Connection ,it also unable to connect
i am unable to launch MS RDP on 3389 port , the error is

tcp 192.168.1.4:3389 <- 23.23.16.3:3389 <- 23.23.16.6:13102 CLOSED:SYN_SENT
tcp 23.23.16.6:13102 -> 192.168.1.4:3389 SYN_SENT:CLOSED

Note :Both public Ips 23.23.16.6(Source IP),23.23.16.3(Pfsense) on same Subnet

![Firewall Rules.jpg](/public/imported_attachments/1/Firewall Rules.jpg)
![Firewall Rules.jpg_thumb](/public/imported_attachments/1/Firewall Rules.jpg_thumb)

farrukhndm · Jun 4, 2010, 5:51 AM

???? any help

MarcoP · Jun 4, 2010, 7:23 AM

I was able to get VOIP behind NAT working with sipproxy and freeswitch (somehow) ….
but at the end I've swapped to a dedicated WAN ip and a dedicated net interface using NAT 1:1 ... too easy.

Using a dedicated IP and a dedicated net interface you could also bridge asterisk to your wan, setting up asterisk to use your new external ip.

danswartz · Jun 4, 2010, 11:01 AM

You didn't answer my question: are you sure those hosts have default routes pointing back at pfsense? The fact that you can't use RDP either makes me wonder.

farrukhndm · Jun 5, 2010, 11:53 AM

You didn't answer my question: are you sure those hosts have default routes pointing back at pfsense? The fact that you can't use RDP either makes me wonder.

default Gatewya to host was problem,i havn't configure Default routes to pfsense to computers i want to access through NAT.

Great.

now My RDP Is NAT -OK
My trixbox Bheind NAT works fine with inbound and outbound calls.

Great…...Pfsense is Great.

luckman212 · Nov 4, 2010, 4:45 PM

hi farrukhndm, can you possibly give some more into as to how you solved this problem? i am having a very similar issue.

suncheez · Nov 15, 2010, 2:10 PM

I'd like to get a detailed explanation also, as I've got the same problem.
Thnx in advance.