Help with VoIP and DMZ?
-
Try to use static ports for your phone. At firewall>nat, outbound enable advanced outbound nat. Then add a rule on top of the auto created rule for LAN like this:
No NAT unchecked
Interface WAN
source network, <ip of="" phone="">/32
port (blank)
destination any
destinationport (blank)
translation interface adress
static port checkedSave and apply.
After that reset states at diagnostics>states, reset states. Also reboot the phone just to make sure.</ip>
-
trying that right now…
-
got this when I followed those directions:
php: : There where error(s) loading the rules: /tmp/rules.debug:22: the 'static-port' option is only valid with nat rules pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [22]: no nat on $ng0 from 10.0.0.0/24 to any static-port
Edit NM, I reread your post. With the new rule on top, I still get that same error.
-
You have to leave the no nat unchecked, read more closely ;)
Yes the autocreated rule is needed. It's what it does when advanced outbound nat is disabled automagically. Make sure the static port rule is above the autocreated rule. -
heh. Funny how two little letters "U" and "N" make a difference eh? I no longer get errors, but the phone's still not getting the configuration. Any more ideas? I just don't know what else to try…
-
You did reset the states and reboot the phone? If yes I'm out of ideas for now :-\
-
yes to both. Thanks for the help so far.
On a side note, I also added a static mapping for my computer to see if I could do the tftp thing, but it still times out - dunno if that helps or not.
-
TFTP will not work without a helper. Unfortunately 1.0 does not have a helper for this protocol.
-
is there something I can do? i'd really love to keep pfSense.
If it's not possible, could you recommend another option to me?
-
Sorry, I don't know of any other workarounds.
-
Guess something like that would be needed: http://www.openbsd.org/cgi-bin/man.cgi?query=tftp-proxy&sektion=8&manpath=OpenBSD+4.0