PBX (SIP) behind pfSense on public IP ???
We have a broadband connection with 5 public iP's
One IP will be the WAN interface with NAT to webmail, etc. no problem here.
A second public IP we'd like to assign to the outside port of the telephone system. We want it to be directly accessible from the internet but only from a specific external IP.
We do not want any NAT tables in between the external IP and the telephone system.
Is this possible ?? or am I way off.
If the PBX is on its own interface bridged to the WAN port, then it could work without NAT.
However, many PBX systems will work fine with NAT, it's just a one-line entry in their config to specify the public IP that is used for the PBX's NAT address. Setup some 1:1 NAT to there, allow in SIP/RTP ports, and it should be fine.
Can your pbx use stun to let the server determine the wan ip?
If you need a stun server setting you can use stun.sipgate.net:10000 although your itsp may have their own or there may be one closer to you.