Netgate Discussion Forum

Inconsistent routing and NAT HELP!

    mizunoer
    last edited by Oct 13, 2011, 3:59 PM Oct 13, 2011, 3:31 PM

    We are seeing that when a device on the outside of the firewall, but inside our LAN configuration, initiates a connection, we do not have a problem, but when the device on the inside of the firewall initiates the connection, the pfSense device sometimes incorrectly NATs the outgoing traffic.  This is on a phone system and we maintain logical connectivity but the audio channel drops.  Here is what we are seeing from the packet capture:
    LAN interface:
    Working:
    IP 192.168.13.190.6000 > 10.10.10.251.6000: UDP, length 14
    IP 10.10.10.251.6000 > 192.168.13.190.6000: UDP, length 16
    IP 10.10.10.252.30028 > 192.168.13.190.9000: UDP, length 172
    IP 192.168.13.190.9000 > 10.10.10.252.30028: UDP, length 172

    Not Working:
    IP 192.168.13.190.6000 > 10.10.10.251.6000: UDP, length 20
    IP 10.10.10.251.6000 > 192.168.13.190.6000: UDP, length 16
    IP 10.10.10.252.30028 > 192.168.13.190.9000: UDP, length 172
    IP 10.10.10.252.30028 > 192.168.13.190.9000: UDP, length 172

    WAN interface:
    Working:
    IP 10.10.10.251.6000 > 192.168.13.190.6000: UDP, length 16
    IP 192.168.13.190.6000 > 10.10.10.251.6000: UDP, length 14
    IP 192.168.13.190.9000 > 10.10.10.252.30028: UDP, length 172
    IP 10.10.10.252.30028 > 192.168.13.190.9000: UDP, length 172

    Not Working:
    IP 10.10.10.251.6000 > 192.168.13.190.6000: UDP, length 16
    IP 192.168.13.190.6000 > 10.10.10.251.6000: UDP, length 14
    IP 192.168.13.190.9000 > 10.10.10.252.30028: UDP, length 172
    IP xx.xx.xx.xx.59168 > 192.168.13.190.9000: UDP, length 172

    As you can see, when the item isn't working we see that the packets hitting the LAN interface with the destination 192.168.13.190 are being natted to xx.xx.xx.xx (my public IP).  When this happens we lose our audio channel.  We have tried many different rules to state that we don't want outbound traffic from .152 to another local address to be natted, but it is happening anyway.

    We are using a Samsung IP telephone system.  The system operates off of two different private IP addresses, 10.10.10.251 and 10.10.10.252.  We have the pfSense firewall installed at our central location where the phone system is.  Our central subnet is 10.10.10.0. Our remote subnets are 192.168.10.0, 192.168.11.0, 192.168.12.0, 192.168.13.0.  Each site has a bonding appliance and firewall that allow the subnets to communicate.

    When the pfSense firewall is removed everything works perfectly.

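Added example, not part of the original post and not pfSense code: a small script that compares a LAN-side and a WAN-side tcpdump capture and reports site-to-site flows that left the WAN side with a translated source, which is the symptom shown in the "Not Working" captures above. It assumes the listed subnets are /24 networks, matches packets heuristically by destination, port, protocol and length, and uses 203.0.113.10 as a constructed stand-in for the redacted public address.

```python
import ipaddress
import re

# Assumption: the site subnets named in the post are /24 networks.
SITE_NETS = [ipaddress.ip_network(n) for n in (
    "10.10.10.0/24", "192.168.10.0/24", "192.168.11.0/24",
    "192.168.12.0/24", "192.168.13.0/24")]

LINE_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
                     r"(\d+\.\d+\.\d+\.\d+)\.(\d+): (\w+), length (\d+)")

def parse(capture):
    """Yield (src, sport, dst, dport, proto, length) per tcpdump line."""
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if m:
            src, sport, dst, dport, proto, length = m.groups()
            yield src, int(sport), dst, int(dport), proto, int(length)

def is_site(addr):
    """True if addr belongs to one of the private site subnets."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in SITE_NETS)

def find_unwanted_nat(lan_capture, wan_capture):
    """Return (lan_src, lan_sport, wan_src, wan_sport, dst, dport) for flows
    seen on the LAN side between two site subnets that appear on the WAN
    side with a non-site (translated) source address."""
    lan_flows = {}
    for src, sport, dst, dport, proto, length in parse(lan_capture):
        if is_site(src) and is_site(dst):
            # Heuristic match key: the destination half survives source NAT.
            lan_flows.setdefault((dst, dport, proto, length), (src, sport))
    findings = []
    for src, sport, dst, dport, proto, length in parse(wan_capture):
        key = (dst, dport, proto, length)
        if key in lan_flows and not is_site(src):
            findings.append(lan_flows[key] + (src, sport, dst, dport))
    return findings

# Constructed sample modelled on the post's "Not Working" captures.
LAN = "IP 10.10.10.252.30028 > 192.168.13.190.9000: UDP, length 172"
WAN = ("IP 192.168.13.190.9000 > 10.10.10.252.30028: UDP, length 172\n"
       "IP 203.0.113.10.59168 > 192.168.13.190.9000: UDP, length 172")

if __name__ == "__main__":
    for f in find_unwanted_nat(LAN, WAN):
        print("%s:%d left WAN as %s:%d -> %s:%d" % f)
```
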
      podilarius
      last edited by Oct 18, 2011, 12:49 PM

      Could you post a screenshot of your manual outbound rules?

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.