Inside -> outside then outside -> inside
-
Not such a good topic, and I spell like crap…
I'm tired and I hate my firewall right now...
What I want is: when I open a connection from the inside of the network, I want to open a NAT forwarding to the same port from outside -> inside.
First:
inside:XXX -> outside:XXX
and then it should open a NAT forwarding like
outside:XXX -> inside:XXX
I hope someone understands what I need....
What I need to get working is my Cisco 7961G IP Phone, which connects to an Asterisk on the outside of the firewall...
Thx and good night...
-
What you are looking for is a "static port". Enable advanced outbound nat at firewall>nat, outbound tab. Then copy the automatically created rule for LAN and change it to only use source <cisco ip phone>/32 and make sure to check the "static port" option. Move this rule above the automatically created nat rule for LAN. Then go to diagnostics>states, reset states and reset the states. Maybe reboot the phone to make sure it reestablishes all states.
-
I don't think he means a static port mapping, but rather something that is called "port triggering" on some routers.
A software opens a connection on a certain port to a certain port
(--> above: inside:XXX -> outside:XXX).
A package would have to see that and then map the outside port to the inside port and source
(--> above: outside:XXX -> inside:XXX).
After some time (or after the connection is closed) the mapping will be deleted.
-
He's talking about an IP-Phone, it must be the static port option ;-)
-
What you are looking for is a "static port". Enable advanced outbound nat at firewall>nat, outbound tab. Then copy the automatically created rule for LAN and change it to only use source <cisco ip phone>/32 and make sure to check the "static port" option. Move this rule above the automatically created nat rule for LAN. Then go to diagnostics>states, reset states and reset the states. Maybe reboot the phone to make sure it reestablishes all states.
Thx… It works great!
Now I love pfSense again!
-
Btw, scrambling ports during NAT is a security feature and not meant to piss people off. However, some applications/protocols don't like this behaviour, but you can work around it with the outbound NAT rules.
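-
The static-port rule and the rule ordering discussed in this thread, as a small Python model (an added example, not written by any of the posters and not pfSense code). The class and function names, the addresses, the 1024-65535 rewrite range and the assumption that the PBX sends to the phone's own source port are constructed for illustration.

```python
import ipaddress
import random
from dataclasses import dataclass

PORT_RANGE = (1024, 65535)  # assumed rewrite range for this model


@dataclass
class NatRule:
    source: str        # CIDR matched against the inside source address
    static_port: bool  # True: keep the inside source port unchanged


class OutboundNat:
    def __init__(self, rules, seed=0):
        self.rules = rules
        self.rng = random.Random(seed)
        self.states = {}  # (wan_port, remote) -> (inside_ip, inside_port)

    def connect(self, src_ip, src_port, remote):
        """Create a state for an inside -> outside connection; first match wins."""
        addr = ipaddress.ip_address(src_ip)
        for rule in self.rules:
            if addr in ipaddress.ip_network(rule.source):
                port = src_port
                # Without static port the source port is rewritten; the model
                # re-draws if the random pick happens to equal the original.
                while not rule.static_port and port == src_port:
                    port = self.rng.randint(*PORT_RANGE)
                self.states[(port, remote)] = (src_ip, src_port)
                return port
        raise LookupError("no outbound NAT rule matches " + src_ip)

    def inbound(self, dst_port, remote):
        """Return the inside endpoint for an outside -> inside packet, or None."""
        return self.states.get((dst_port, remote))


# Constructed sample data: LAN 192.168.1.0/24, phone at .50, PBX outside.
LAN = NatRule("192.168.1.0/24", static_port=False)
PHONE = NatRule("192.168.1.50/32", static_port=True)
PBX = ("203.0.113.10", 5060)


def phone_reachable(rules):
    """True if the PBX reaches the phone on the port the phone itself used."""
    nat = OutboundNat(rules)
    nat.connect("192.168.1.50", 5060, PBX)
    return nat.inbound(5060, PBX) == ("192.168.1.50", 5060)
```

`phone_reachable([PHONE, LAN])` is true and `phone_reachable([LAN, PHONE])` is false: with the /32 rule below the general LAN rule it never matches, so the phone's port is still rewritten.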