2.0 RC2 Outbound NAT - Newbie Config Error (Non-Nat ports for SIP)?



  • Hi,

    I'm having fun trying to get my SIP phones working behind the firewall. I've read all the forum help and FAQ's and how-tos I can find, and I think I have everything configured correctly.

    I need the ports used for sip to be non NAT, so I've been trying to configure the outbound NAT rules, however, it appears from the logs in the phone system that there is still NAT happening. Could anyone try and point me in the direction of any likely problems in my rules please?

    I have 2 WAN connections, 1 of which is dynamic (and also the default gateway), and the one (that the SIP actions happen on) is PPOE. Apart from this the firewall seems to be working well.

    There are no additional rules on the dynamic WAN port, so I haven't posted a shot of these.

    If any more info is needed, please let me know.

    The only packages installed currently are country block and the open vpn packaging utility.

    Rules attached.

    Many thanks in advance!

    Harv

    ![Lan Rules.png](/public/imported_attachments/1/Lan Rules.png)
    ![Lan Rules.png_thumb](/public/imported_attachments/1/Lan Rules.png_thumb)


    ![NAT Port Forward.png](/public/imported_attachments/1/NAT Port Forward.png)
    ![NAT Port Forward.png_thumb](/public/imported_attachments/1/NAT Port Forward.png_thumb)



  • Hey,

    Can anyone help with this?

    Struggling a little, and would love to get the VOIP phone system working again.. I just can't see where my mistake is!

    Thanks in advance,

    Harv



  • One of the biggest headaches I had when setting up pfSense initially was VoIP with my Asterisk server…. it was a pain. I ended up with 3 simple rules however that got rid of the issues, this may or may not apply to your particular situation, but may offer some clue at least :)

    In this example, the 10.0.1.8/32 address is my Asterisk server. All of my SIP phones and ATA's peer with this server and Asterisk handles the calling to/from outside the local network. Have not had any issues once I figured out this worked for me, YMMV ;) The NAT address is one of my external IP's (I have 5).

    Hope that helps….


Locked