Pfsense blocking outbound IAX2



  • For some reason I cannot get pfSense to allow outbound IAX2 on its default port.
    I have the port forward to the Asterisk box as well as a manual outbound NAT in place, but I still can't hear the other side.

    Here is my ONT:

    
    WAN  10.30.2.0/24  *  *  500   *  *           YES  Auto created rule for ISAKMP - LAN to WAN
    WAN  10.30.2.0/24  *  *  *     *  *           NO   Auto created rule for LAN to WAN
    WAN  127.0.0.0/8   *  *  *     *  1024:65535  NO   Auto created rule for localhost to WAN
    WAN  10.30.5.0/24  *  *  *     *  *           NO   Auto created rule for OpenVPN server
    WAN  10.30.2.0/24  *  *  4569  *  *           NO   rule for AIX2 - LAN to WAN
    
    

    Any ideas why it's still being blocked?

    TIA.



  • Can you give us a sample of the block from the FW logs? Can you also give us a little more detail on what you are trying to do? Please also note that these rules are first matching, so the second rule down will win for the 10.30.2.0/24 network. The two rules do the same thing, so it doesn't really matter.



  • @podilarius:

    Can you give us a sample of the block from the FW logs? Can you also give us a little more detail on what you are trying to do? Please also note that these rules are first matching, so the second rule down will win for the 10.30.2.0/24 network. The two rules do the same thing, so it doesn't really matter.

    That's the problem. It's not generating any type of noise in the logs even though I have it set to log everything on that rule.

    Does the IAX2 port for outbound need to be static?



  • Well, static depends on what you are using it for. Static is not good for an all-port configuration. But if you put the port outbound NAT at the top and send it out with static, this makes a lot of game servers very happy. Also, what LAN rules do you have in place in addition to the advanced outbound NAT? Are you protecting a server, or are you having one server connect to another? A little more detail would be nice.



  • Issue resolved. Setting port 4569 to static did the trick.

    TIA!

