Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Configuring Transparent SIP Proxy

    Scheduled Pinned Locked Moved NAT
    7 Posts 3 Posters 7.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      brianmahler10
      last edited by

      I have pfSense 2.0.  And I'm trying to configure the siproxd (plugin) as a outbound transparent proxy.
      But I don't see how to do that from the GUI.  I have found articles doing it with iptables but not pf. and the developers of siproxd say it can do this. (that is where I got the ip table example below).

      Currently my SIP signaling is being NATed correctly,  but not the SDP it still has the private ipaddress (i suspect it is not being sent to the siproxd, as the sip signaling is).

      Here is the example using iptables

      # redirect outgoing SIP traffic to siproxd (myself)
      iptables -t nat -A PREROUTING -m udp -p udp -i eth0 \ –destination-port 5060 -j REDIRECT

      Can someone help with the commands how to do this in pf?  Also I noticed the /etc/pf.conf is not used to load the filters.  What file is or better yet can I do it from the GUI?

      Thanks.

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        Check applied rules in /tmp/rules.debug or with pfctrl -sa.

        Check if configuring outbound sip proxy option on client will work or not.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • B
          brianmahler10
          last edited by

          Will try the nontransparent proxy approach.

          Ok I have modified my system to send all outbound calls to the inside interface (LAN) of my pfSense/siproxd box.  But how do I configure the pfsense to relay or forward all outbound sip calls to my service provider with my user name and password that is needed for authentication?

          The username/password in the siproxd settings look like they are used for endpoints registering to the pfsense/siproxd box not the service provider.

          1 Reply Last reply Reply Quote 0
          • B
            brianmahler10
            last edited by

            I finally found a way to configure a outbound sip proxy on my router (which is on the Lan side of pfSense).

            But my problem has not changed,  with inbound calls the 180 trying response contains a private ip address in the contact field.  This contact field must be NATed to represent my public ip address.

            Should my router be registered to my pfSense box?  I don't think so , but just checking.

            1 Reply Last reply Reply Quote 0
            • B
              brianmahler10
              last edited by

              Am I missing something?  my siproxd config is as follows:

              Inbound interface    LAN
              outbound interface  WAN
              everything else is default.
              the spiroxd process is running.

              my router (which is originating my sip trunk)  is configured for a outbound sip proxy which has identified my pfsense box as such.

              How can I confirm that the siproxd is working and that the sip traffic is being sent to it?

              Brian

              1 Reply Last reply Reply Quote 0
              • B
                brianmahler10
                last edited by

                To wrap up this thread I include my final results;

                I have come to the conclusion that the siproxd with pfsense supports SIP endpoints (that must register with pfSense), and does not support SIP trunks to a service provider (and do not register with the siproxd with in pfSense).

                BUMMER.

                I have thus installed a session boarder controller in parallel to my pfSense firewall and this works great.  I was just hoping to use 1 box not 2 on the edge of my network.

                Brian

                1 Reply Last reply Reply Quote 0
                • P
                  pquesinb
                  last edited by

                  Hi Brian,

                  My apologies for resurrecting an old thread, but if you're still around I'm curious as to what you wound up using for a Session Border Controller.

                  Thanks,

                  • Phil
                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.