Pfsense passing all VOIP traffic with NO rules defined??? Confused



  • I'm at a complete loss here…stumped for 1 day...

    Pfsense 2.01 was installed fresh, setup went well, my WAP and static DHCP works well.  Then I thought I'd try FreePhoneline.ca and install their VOIP application.  I didn't expect it to work, but it did, and it makes no sense at all.  I used ShieldsUP to test all ports, and they are stealth.  Pfsense is supposed to block all traffic unless a firewall rule is set.  I examined the packet capture logs and they show something like this: freephonelineIP.42350 > mypublicIP:13000  via UDP    Then I examined the Firewall logs and they show the same packet... is it blocked?  I have no idea.
    Data seems to be passing from freephoneline using port 42350 (random, changes each time I make a call) and into my public IP port 13000.  Port 13000 is used by the freephoneline software on my PC.  I can place a call and receive calls no problems.  I didn't have to set up any firewall rules, nor any NAT port forwarding.  It doesn't make any sense to me.

    Firewall and NAT rules are Pfsense default values.  Can someone please help me here?  How is VOIP working with no effort on my part?

    Please
    thanks



  • LAN outbound "allow all" rules are in place by default.  Since the client makes the originating requests (just like your browser) the incoming packets are allowed.  Firewalls generally only block unsolicited traffic…



  • thank you.
    I wish I had gone to school for this.  Sounds like IP and Firewall 101 courses I should already know.

    If ANY application on my computer makes an originating request, then ALL corresponding traffic will be allowed back in regardless of any rules I set?  Is this a feature of all packet filtering firewalls?  UDP, TCP/IP only?



  • @bjr72:

    If ANY application on my computer makes an originating request, then ALL corresponding traffic will be allowed back in regardless of any rules I set?  Is this a feature of all packet filtering firewalls?  UDP, TCP/IP only?

    Yes that's true of every stateful firewall with every protocol. If you allow the traffic on LAN, the associated reply traffic on WAN is automatically allowed.
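
The state tracking described in the answers above, as an added example that is not part of the original posts and is not pfSense code. It is a simplified model that ignores NAT; the addresses, the `StatefulFirewall` class and the 60-second timeout are assumptions made for illustration, and only ports 13000 and 42350 come from the thread.

```python
import time

UDP_STATE_TTL = 60  # seconds; assumed value for this model, not a pfSense default


class StatefulFirewall:
    """Hypothetical model: LAN passes everything out, WAN has no pass rules."""

    def __init__(self, now=time.monotonic):
        self.now = now
        self.states = {}  # (proto, local endpoint, remote endpoint) -> expiry time

    def outbound(self, proto, local, remote):
        # The default LAN "allow all" rule passes the packet and records a state.
        self.states[(proto, local, remote)] = self.now() + UDP_STATE_TTL
        return "pass (LAN rule, state created)"

    def inbound(self, proto, remote, local):
        # No WAN rule is consulted: only a live state for this exact flow lets it in.
        key = (proto, local, remote)
        expiry = self.states.get(key)
        if expiry is not None and expiry > self.now():
            self.states[key] = self.now() + UDP_STATE_TTL  # traffic refreshes the state
            return "pass (matches state)"
        self.states.pop(key, None)  # forget an expired entry, if there was one
        return "block (default deny)"


def demo():
    clock = [0.0]  # fake clock so the timeout can be shown without waiting
    fw = StatefulFirewall(now=lambda: clock[0])
    pc = ("198.51.100.7", 13000)     # constructed address; softphone port from the thread
    voip = ("203.0.113.10", 42350)   # constructed address; provider port from the thread
    probe = ("192.0.2.99", 40000)    # constructed unsolicited port scan
    results = [
        fw.inbound("udp", voip, pc),   # before the softphone has sent anything
        fw.outbound("udp", pc, voip),  # softphone contacts the provider
        fw.inbound("udp", voip, pc),   # provider's reply on the same flow
        fw.inbound("udp", probe, pc),  # scanner hitting the same local port
    ]
    clock[0] += UDP_STATE_TTL + 1      # the flow goes idle past the timeout
    results.append(fw.inbound("udp", voip, pc))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The scanner is blocked even though it targets the same local port, which is why an external port scan still reports the port as closed while a call is working.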



  • thank you. 
    I have 2 more perplexing questions, but I think I might have to start a new topic for that.

