NAT Port Forwarding to Internal host UDP port 5060 not working as expected
-
I just ran into this issue on the latest firmware. Some packets forward and some don't in sip. Identical ssh forward rule to the same host work perfectly.
-
Hi,
i know that its been a while sense the last post but i got the same problem and a possible solution.
so the problem for me was that i set up a nat rule the translate every incomming udp packet to port 5060 on my wan IP address to my internal asterisk box.
my sip provider have my IP address so i dont even need to register, he just sends me invites when i have a call from the PSTN.i couldn't get incoming calls. when i called my PSTN number i could see the invite packets on my pppoe0 interface but no packets were sent to my DMZ interface.
i did a little test and tried to send a udp packet from my home computer to the pfsense to port 5060, to my wonder it worked and the packet was sent to the DMZ interface and reached the asterisk machine.
after some more digging around (and rebooting the asterisk and pfsense) i decided to look for the connection state (under Diagnostics –> States).
i searched for my SIP provider and found 2 states, one incoming and one outgoing.
i don't remember the exact state they were in (i think that the incomming was direct from the SIP provider to the asterisk, without the WAN ip in the middle, but i could be mistaken).anyhow, after deleting the 2 states i tried to dial my PSTN number and it worked.
all packets flowed and my call was received by the PBX and eventually the SIP phone :-)for right now its working but i don't know if it will last (i hope it will).
keep you guys posted.
-
Are you using manual outbound NAT and static port on 5060, 5061 and all the sip related transport ports?
-
Automatic outbound Nat
Regular inbound Nat from wan IP to server ip on port 5060 udp and another Nat rule for the rtp. -
Static port setting on the manual outbound NAT for sip related ports…. First in list.
-
I'm glad I found this thread, it cleared up some mystery for me. I remember back in 2012, I was pulling my hair out because of this issue. Spent long hours reconfiguring/reconfiguring pfsense. It never worked so I went to a different router/firewall.
I like pfsense, the interface, the lightweight os, the robustness (compatibility); But because of this SIP port-forwarding behind pfsense problem, I'm not using pfsense in production. My 2010 linksys wireless router did not have this issue, port-forwarding for sip worked fine there. Wondering if 2.2 fixed this issue. If it did, I'll give pfsense another try.
-
I'm still a bit baffled what is so hard about port forwarding, manual outbound NAT and static port.
-
Since the time of this old thread, we have added the following doc to the wiki:
https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to
-
Thats awesome. Should help the new guys alot.
