Netgate Discussion Forum

    Pfsense passing all VOIP traffic with NO rules defined??? Confused

      bjr72

      I'm at a complete loss here…stumped for 1 day...

      Pfsense 2.01 was installed fresh, setup went well, and my WAP and static DHCP work well. Then I thought I'd try FreePhoneline.ca and install their VOIP application. I didn't expect it to work, but it did, and it makes no sense at all. I used ShieldsUP to test all ports, and they are stealth. Pfsense is supposed to block all traffic unless a firewall rule is set. I examined the packet capture logs and they show something like this: freephonelineIP.42350 > mypublicIP:13000 via UDP. Then I examined the Firewall logs and they show the same packet... is it blocked? I have no idea.
      Data seems to be passing from freephoneline using port 42350 (random, changes each time I make a call) and into my public IP port 13000. Port 13000 is used by the freephoneline software on my PC. I can place a call and receive calls, no problems. I didn't have to set up any firewall rules, nor any NAT port forwarding. It doesn't make any sense to me.

      Firewall and NAT rules are Pfsense default values.  Can someone please help me here?  How is VOIP working with no effort on my part?

      Please
      thanks

        chpalmer

        LAN outbound "allow all" rules are in place by default. Since the client makes the originating requests (just like your browser), the incoming packets are allowed. Firewalls generally only block unsolicited traffic…

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

          bjr72

          Thank you.
          I wish I had gone to school for this. Sounds like IP and Firewall 101 courses I should already know.

          If ANY application on my computer makes an originating request, then ALL corresponding traffic will be allowed back in regardless of any rules I set? Is this a feature of all packet filtering firewalls? UDP, TCP/IP only?

            cmb

            @bjr72:

            If ANY application on my computer makes an originating request, then ALL corresponding traffic will be allowed back in regardless of any rules I set?  Is this a feature of all packet filtering firewalls?  UDP, TCP/IP only?

            Yes, that's true of every stateful firewall with every protocol. If you allow the traffic on LAN, the associated reply traffic on WAN is automatically allowed.

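The behaviour chpalmer and cmb describe, as an added example that is not part of the original thread: a toy Python model of a stateful filter with the default LAN "allow all" rule and no pass rules on WAN. The addresses, the 60-second UDP state timeout and all class and function names are constructed for illustration, and NAT is left out, so addresses are shown as seen on the WAN side.

```python
import time
from typing import NamedTuple

class Packet(NamedTuple):
    iface: str      # "lan" = leaving the network, "wan" = arriving from outside
    proto: str
    src: tuple      # (ip, port)
    dst: tuple      # (ip, port)

class StatefulFirewall:
    """Toy model: default 'allow all' on LAN, no pass rules on WAN."""
    def __init__(self, udp_timeout=60.0, clock=time.monotonic):
        self.udp_timeout = udp_timeout   # constructed value for the example
        self.clock = clock
        self.states = {}                 # (proto, local, remote) -> last seen

    def filter(self, pkt):
        now = self.clock()
        # Expire idle states first, as a real state table does.
        self.states = {k: t for k, t in self.states.items()
                       if now - t < self.udp_timeout}
        if pkt.iface == "lan":
            # Matches the LAN allow-all rule: pass and record a state.
            self.states[(pkt.proto, pkt.src, pkt.dst)] = now
            return "pass (LAN rule, state created)"
        # WAN: only the exact reverse of a recorded flow is accepted.
        key = (pkt.proto, pkt.dst, pkt.src)
        if key in self.states:
            self.states[key] = now
            return "pass (matches state)"
        return "block (default deny)"

def demo():
    t = [0.0]                                          # fake clock for the demo
    fw = StatefulFirewall(clock=lambda: t[0])
    # Constructed documentation addresses; ports taken from the thread.
    pc, sip = ("203.0.113.10", 13000), ("198.51.100.5", 42350)
    scanner = ("192.0.2.77", 40000)
    results = [
        fw.filter(Packet("wan", "udp", sip, pc)),      # before any call
        fw.filter(Packet("lan", "udp", pc, sip)),      # softphone sends first
        fw.filter(Packet("wan", "udp", sip, pc)),      # provider's reply
        fw.filter(Packet("wan", "udp", scanner, pc)),  # port scan, same port
    ]
    t[0] = 120.0                                       # flow idle past timeout
    results.append(fw.filter(Packet("wan", "udp", sip, pc)))
    return results

if __name__ == "__main__":
    print("\n".join(demo()))
```

The fourth result is why a port scan still reports port 13000 as stealth while the call works: the state matches only the provider's address and port, not the port alone.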
              bjr72

              Thank you.
              I have 2 more perplexing questions, but I think I might have to start a new topic for that.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.