Inside -> outside then outside -> inside



  • Not such a good topic, and I spell like crap…

    I'm tired and I hate my firewall right now...

    What I want is: when I open a connection from the inside of the network, I want to open a NAT forwarding to the same port from outside -> inside.

    first

    inside:XXX -> outside:XXX

    and then it should open a NAT forwarding like

    outside:XXX -> inside:XXX

    I hope someone understands what I need....

    What I need to get working is my Cisco 7961G IP Phone, which connects to an Asterisk on the outside of the firewall...

    Thx and good night...



  • What you are looking for is a "static port". Enable advanced outbound NAT at firewall>nat, outbound tab. Then copy the automatically created rule for LAN and change it to only use source <Cisco IP phone>/32 and make sure to check the "static port" option. Move this rule above the automatically created NAT rule for LAN. Then go to diagnostics>states, reset states and reset the states. Maybe reboot the phone to make sure it reestablishes all states.



  • I don't think he means a static port mapping but rather something that is called "port triggering" on some routers.

    A software opens a connection on a certain port to a certain port.
    (--> above: inside:XXX -> outside:XXX)

    A package would have to see that and then map the
    outside port to the inside port and source
    (--> above: outside:XXX -> inside:XXX)
    After some time (or after the connection is closed) the mapping will be deleted.



  • He's talking about an IP-Phone, it must be the static port option ;-)



  • @hoba:

    What you are looking for is a "static port". Enable advanced outbound NAT at firewall>nat, outbound tab. Then copy the automatically created rule for LAN and change it to only use source <Cisco IP phone>/32 and make sure to check the "static port" option. Move this rule above the automatically created NAT rule for LAN. Then go to diagnostics>states, reset states and reset the states. Maybe reboot the phone to make sure it reestablishes all states.

    Thx… It works great!

    Now I love pfSense again!



  • Btw, scrambling ports during NAT is a security feature and not meant to piss people off. However, some applications/protocols don't like this behaviour, but you can work around it with the outbound NAT rules.
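
Added example, not part of any post in this thread and not pfSense's own generated ruleset: the outbound NAT setup described above, written as FreeBSD pf translation rules. The interface name and all addresses are placeholder assumptions; the point is that only the phone's /32 loses source-port rewriting while the rest of the LAN keeps it.

```pf
# Placeholders (assumptions, not values from the thread)
ext_if  = "em0"               # WAN interface
lan_net = "192.168.1.0/24"    # LAN subnet
phone   = "192.168.1.50/32"   # the Cisco IP phone

# pf evaluates translation rules first-match, which is why the
# phone's rule has to sit above the general LAN rule.
# static-port: keep the source port the phone chose, so the
# Asterisk server outside sees the port the phone signalled.
nat on $ext_if from $phone to any -> ($ext_if) static-port

# Every other LAN host: pf rewrites the source port on the way
# out (the default, and the "security feature" mentioned above).
nat on $ext_if from $lan_net to any -> ($ext_if)
```

On the firewall, `pfctl -sn` lists the loaded translation rules in evaluation order and `pfctl -ss` shows the state table, so after resetting states you can confirm that the phone's outbound state keeps the same source port on both sides of the NAT.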

