Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help with VoIP and DMZ?

    Scheduled Pinned Locked Moved NAT
    13 Posts 3 Posters 5.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      austinkp
      last edited by

      I'll start by saying that I've spent the last 5 hours trying to make this work, so I've done some research before asking this.  I've searched the forum already, and either can't find that I need, or don't understand the answer.  I'm not a complete newb at this, but I am definitely not an expert.

      I'm currently running 1.0-RELEASE built on Fri Oct 13 03:11:47 UTC 2006

      So I just got a Cisco IP Phone 7940 through bandwidth.com.  I get a dialtone, and can dial out and receive calls, but I'm not receiving the configurations that I need, so I'm stuck with only basic phone functionality.
      They had me open the following UDP ports in my firewall: 161-162, 1056-1255, 2427-2432, 2727, 5060, 5075
      Also, I have TCP ports 21, 80, and 123 open.

      Their tech support guy checked the server logs, and for some reason they're not receiving my phones requests for the config.  As a test, he also had me try the following from the windows command prompt: tftp -i xxx.xxx.xxx.xxx get somefile.cnf but it just times out.  He said the request was getting sent out via UDP 69 but getting blocked or something.

      He recommended that I set a DMZ for my phone, but I can't figure out how to do that.  So I suppose my question is do I need to and HOW DO I do that?  Or is there a better/easier option to make it work?

      As a final note, I also tried setting my NAT port forwarding for all of those port ranges to my phone's IP address, but no improvement.  If my hair was a little longer, I'd be pulling it out here!  Thanks in advance for any help!

      1 Reply Last reply Reply Quote 0
      • A
        austinkp
        last edited by

        Just updated to version 1.0.1 built on Sun Oct 29 01:13:05 UTC 2006.  No improvement.

        1 Reply Last reply Reply Quote 0
        • H
          hoba
          last edited by

          Try to use static ports for your phone. At firewall>nat, outbound enable advanced outbound nat. Then add a rule on top of the auto created rule for LAN like this:

          No NAT unchecked
          Interface WAN
          source network, <ip of="" phone="">/32
          port (blank)
          destination any
          destinationport (blank)
          translation interface adress
          static port checked

          Save and apply.

          After that reset states at diagnostics>states, reset states. Also reboot the phone just to make sure.</ip>

          1 Reply Last reply Reply Quote 0
          • A
            austinkp
            last edited by

            trying that right now…

            1 Reply Last reply Reply Quote 0
            • A
              austinkp
              last edited by

              got this when I followed those directions:

              php: : There where error(s) loading the rules: /tmp/rules.debug:22: the 'static-port' option is only valid with nat rules pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [22]: no nat on $ng0 from 10.0.0.0/24 to any static-port

              Edit NM, I reread your post.  With the new rule on top, I still get that same error.

              1 Reply Last reply Reply Quote 0
              • H
                hoba
                last edited by

                You have to leave the no nat unchecked, read more closely  ;)
                Yes the autocreated rule is needed. It's what it does when advanced outbound nat is disabled automagically. Make sure the static port rule is above the autocreated rule.

                1 Reply Last reply Reply Quote 0
                • A
                  austinkp
                  last edited by

                  heh.  Funny how two little letters "U" and "N" make a difference eh?  I no longer get errors, but the phone's still not getting the configuration.  Any more ideas?  I just don't know what else to try…

                  1 Reply Last reply Reply Quote 0
                  • H
                    hoba
                    last edited by

                    You did reset the states and reboot the phone? If yes I'm out of ideas for now  :-\

                    1 Reply Last reply Reply Quote 0
                    • A
                      austinkp
                      last edited by

                      yes to both.  Thanks for the help so far.

                      On a side note, I also added a static mapping for my computer to see if I could do the tftp thing, but it still times out - dunno if that helps or not.

                      1 Reply Last reply Reply Quote 0
                      • S
                        sullrich
                        last edited by

                        TFTP will not work without a helper.  Unfortunately 1.0 does not have a helper for this protocol.

                        1 Reply Last reply Reply Quote 0
                        • A
                          austinkp
                          last edited by

                          is there something I can do?  i'd really love to keep pfSense.

                          If it's not possible, could you recommend another option to me?

                          1 Reply Last reply Reply Quote 0
                          • S
                            sullrich
                            last edited by

                            Sorry, I don't know of any other workarounds.

                            1 Reply Last reply Reply Quote 0
                            • H
                              hoba
                              last edited by

                              Guess something like that would be needed: http://www.openbsd.org/cgi-bin/man.cgi?query=tftp-proxy&sektion=8&manpath=OpenBSD+4.0

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.