PFSense support SIP Traffic Through NAT?

  • First question: see subject header

    Second question:  In regards to SIP and NAT does PFSense rewrite packets to have the external IP on it?

    Thank you!

  • Netgate Administrator

    |'ve not had cause to try it myself but I think this is what you're looking for:


  • first question: of course.

    second question:  by default, no, and generally that's bad (lots of the devices that do so break SIP in various ways), but if you're in a scenario where that's a must, siproxd does so.

  • PFSense support SIP Traffic Through NAT?

    pfsense does not do any special handling of SIP traffic, i.e. by default it doesn't enable any "proxy" (aka ALG Application Level Gateway). SIP traffic is handled just like all other traffic. This is generally a good thing, because many SIP ALGs implemented in routers break things.

    However, since the pf (packet filter used by pfsense) implements the so-called "symmetric NAT" (more) i.e. the most restrictive (and secure) type of NAT, on average it leads to more headaches with non-NAT-aware protocols (like SIP) than if you were using a NAT firewall implementing a more permissive NAT algo.

    Developments of NAT traversal technologies (STUN, ICE etc) in recent years have made things much easier with SIP, so it boils down to the capabilities and configuration of both your SIP device and your VoIP provider, which is why there isn't really a single configuration that one could post here for every pfsense user to use.

  • Netgate Administrator


    "symmetric NAT" (more) i.e. the most restrictive (and secure) type of NAT.

    Wow, 100% pure information on that page. I just discovered I knew nothing.
    Thanks Dhatz.  :)


Log in to reply