Configuring Transparent SIP Proxy

  • I have pfSense 2.0, and I'm trying to configure siproxd (the plugin) as an outbound transparent proxy.
    But I don't see how to do that from the GUI. I have found articles doing it with iptables but not pf, and the developers of siproxd say it can do this (that is where I got the iptables example below).

    Currently my SIP signaling is being NATed correctly, but not the SDP; it still has the private IP address (I suspect it is not being sent to siproxd, as the SIP signaling is).

    Here is the example using iptables

    # redirect outgoing SIP traffic to siproxd (myself)
    iptables -t nat -A PREROUTING -m udp -p udp -i eth0 --destination-port 5060 -j REDIRECT

    Can someone help with the commands to do this in pf? Also, I noticed that /etc/pf.conf is not used to load the filters. What file is, or better yet, can I do it from the GUI?


  • Check the applied rules in /tmp/rules.debug or with pfctl -sa.

    Check whether configuring the outbound SIP proxy option on the client will work or not.

  • Will try the nontransparent proxy approach.

    Ok I have modified my system to send all outbound calls to the inside interface (LAN) of my pfSense/siproxd box.  But how do I configure the pfsense to relay or forward all outbound sip calls to my service provider with my user name and password that is needed for authentication?

    The username/password in the siproxd settings look like they are used for endpoints registering to the pfsense/siproxd box not the service provider.

  • I finally found a way to configure an outbound SIP proxy on my router (which is on the LAN side of pfSense).

    But my problem has not changed; with inbound calls the 180 trying response contains a private IP address in the contact field. This contact field must be NATed to represent my public IP address.

    Should my router be registered to my pfSense box? I don't think so, but just checking.

  • Am I missing something? My siproxd config is as follows:

    Inbound interface    LAN
    Outbound interface   WAN
    Everything else is default.
    The siproxd process is running.

    My router (which is originating my SIP trunk) is configured for an outbound SIP proxy, which has identified my pfSense box as such.

    How can I confirm that siproxd is working and that the SIP traffic is being sent to it?
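
One way to check for the symptom described in the posts above (signaling rewritten, but a private address left in the SDP or the Contact field), as an added example that is not part of the original thread: the script scans a captured SIP message for RFC 1918 addresses in the Via and Contact headers and the SDP `o=`/`c=` lines. The sample message, its addresses and all function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges, checked explicitly: ipaddress.is_private would also flag
# the documentation range used below as the constructed "public" address.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# SIP headers (long and compact names) and SDP lines that carry addresses.
SIP_HEADERS = {"contact": "Contact", "m": "Contact", "via": "Via", "v": "Via"}
SDP_LINES = {"c": "SDP c=", "o": "SDP o="}

def is_rfc1918(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # regex matched something like 999.1.1.1
        return False
    return any(addr in net for net in RFC1918)

def private_addresses(message):
    """Return (field, address) pairs for RFC 1918 addresses left in a SIP message."""
    head, _, body = message.replace("\r\n", "\n").partition("\n\n")
    findings = []
    for line in head.split("\n")[1:]:  # skip the request/status line
        name, sep, value = line.partition(":")
        field = SIP_HEADERS.get(name.strip().lower())
        if sep and field:
            findings += [(field, ip) for ip in IPV4.findall(value) if is_rfc1918(ip)]
    for line in body.split("\n"):
        field = SDP_LINES.get(line[:1]) if line[1:2] == "=" else None
        if field:
            findings += [(field, ip) for ip in IPV4.findall(line) if is_rfc1918(ip)]
    return findings

# Constructed sample: signaling shows the public address, SDP was not rewritten.
SAMPLE = (
    "INVITE sip:bob@provider.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bK776\r\n"
    "Contact: <sip:alice@203.0.113.10:5060>\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.20\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

if __name__ == "__main__":
    for field, ip in private_addresses(SAMPLE):
        print(f"{field}: private address {ip} not rewritten")
```

Feed it messages captured on the WAN side; an empty result means none of the checked fields still carries a private address.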


  • To wrap up this thread I include my final results:

    I have come to the conclusion that siproxd with pfSense supports SIP endpoints (that must register with pfSense), and does not support SIP trunks to a service provider (which do not register with siproxd within pfSense).


    I have thus installed a session border controller in parallel to my pfSense firewall and this works great. I was just hoping to use 1 box, not 2, on the edge of my network.


  • Hi Brian,

    My apologies for resurrecting an old thread, but if you're still around I'm curious as to what you wound up using for a Session Border Controller.


    • Phil
