[SOLVED]Major issues with pfsense 2.0-Release



  • I am not sure how to go about this. I have been debugging issues with NAT and SIP for about 3 days straight. The bottom line is that pfsense wont allow it. God came down and told him to allow it and pfsense send him to hell.
    I am not sure if this is something specific to my firewall only but I have no clue what the f…. is going on.

    I can put 3 different firewalls in front (dd-wrt, sonicwall, kerio) and they all allowed it with the correct forwarding rules and static nat settings.

    Not pfsense! hell no.... I have done everything by the book and back and still no spoon. Is anybody out there running pfsense 2.0-Release been able to get SIP working behind a nat not in dmz....?....

    Also I can not get traffic shaping rules working and it seems to be a bug....

    It has been ignored for a few days...

    http://forum.pfsense.org/index.php/topic,41208.0.html



  • VOIP worked for me after steps 1. & 2. from http://doc.pfsense.org/index.php/VoIP_Configuration



  • @rhy7s:

    VOIP worked for me after steps 1. & 2. from http://doc.pfsense.org/index.php/VoIP_Configuration

    Thank You very much for your post.

    I am taking some of my issues up stream…. I think a lot of them are only specific to me.

    Though traffic shapping is actually broken.



  • @rhy7s:

    VOIP worked for me after steps 1. & 2. from http://doc.pfsense.org/index.php/VoIP_Configuration

    So I have to set static port to disable in the manual out bound nat correct?
    So taht means the default 10.30.2.0/24 ONT should work?

    Or do I have to create a rule for 5060 with static port map to yes?

    TIA for the help.



  • Do you have a port forward in place for 5060 to your VOIP device?



  • Issue resolved.



  • serialdie, some advice if I may:

    1. When your problem is resolved, edit the thread's title and add [solved] to it.

    2. Offer a quick summary of what the solution was, e.g. you found out that simply changing the SIP port to something other than 5060 would allow your Asterisk PBX to work.

    Since pfsense does not perform any ALG/application layer processing of SIP, unless you run siproxd, it means that the cause was probably either a) an ALG inside your DSL router (quite common) or b) your ISP (some ISPs who offer double-play services will try to block SIP) but since it worked with DDWRT / Sonicwall / Kerio we can probably rule out the latter.



  • Advice taken.

    After I change to port 5080 everything worked. To this day I have no idea why port 5060 did not worked. I do have to many layers of security that could of have cause the issues. IDS+pfsense+ipblock.


Log in to reply