Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Asterisk & NAT PFsense

    Scheduled Pinned Locked Moved NAT
    5 Posts 3 Posters 5.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      djau
      last edited by

      Dear,

      I have many problems with the new pfsense version -> asterisk + nat.

      • outgoing call don't work well (some call reject)
      • cut phone

      -> asterisk config ok
      -> voip supplier ok…

      Actually, i try  :
      nat on pppoe1 inet from networklan/22 port = 5060 to any port = 5060 -> ipwan static-port
      rdr pass on pppoe1 inet proto udp from any port = 5060 to any port 5060:64000 -> planasteriskserver
      all udp sipserv1:5060 <- iplanasteriskserver:5060       MULTIPLE:MULTIPLE
      all udp iplanasteriskserver:5060 -> myipwan:5060 -> sipserv1:5060       MULTIPLE:MULTIPLE

      So :
      Firewall:Rules
      TCP/UDP sipserv1 * * * * none   (pass)
      TCP/UDP sipserv2  * * * * none   (pass)  
      TCP/UDP sipserv3 * * * * none   (pass)  
      TCP/UDP sipserv4 * * * * none   (pass)

      Firewall:nat
      WAN UDP * * * 10000 - 20000 192.168.184.2 10000 - 20000
      WAN UDP * 5060 (SIP) * 5060 - 64000 lanip 5060 - 64000

      Why sipserv2,3,4 don't appear when i do a pfctl -sa | fgrep 5060 ?
      Any idea ?

      Sorry for my bad english.
      Thank you.

      1 Reply Last reply Reply Quote 0
      • D
        dhatz
        last edited by

        @djau:

        I have many problems with the new pfsense version -> asterisk + nat.

        -> asterisk config ok
        -> voip supplier ok…

        Start with providing more information, i.e. versions of both pfsense and asterisk involved.
        What "new pfsense version" ? I've tested both 2.0.x and 2.1-DEVEL.

        Typically shouldn't need static-port outbound nat or any port-forwarding of inbound traffic (note: unless you have remote extensions e.g. you connect remotely to your voip server from dynamic IPs).

        1 Reply Last reply Reply Quote 0
        • D
          djau
          last edited by

          PFsense : 2.0.1-RELEASE
          Debian Squeeze + asterisk 1.6

          1 Reply Last reply Reply Quote 0
          • C
            costasppc
            last edited by

            You need manual outbound NAT for Asterisk to work properly.

            Kostas

            1 Reply Last reply Reply Quote 0
            • D
              dhatz
              last edited by

              @costasppc:

              You need manual outbound NAT for Asterisk to work properly.

              I assume you meant "You need manual outbound NAT" … with static-port option enabled. Having looked into the subject of NAT + SIP, I would say that static-port isn't typically required (I've never had to enable it for either 2.0.1 or 2.1-BETA with various versions of Asterisk 1.8.x). In fact static-port can lead to other sorts of problems, e.g. read http://forum.pfsense.org/index.php?topic=45255.15

              VoIP questions come up often in this forum, however it is nearly impossible to offer a universal guide that works for everyone. There are just too many combinations of factors involved e.g. NAT implementation, capabilities and configuration of SIP peers (i.e. VoIP software at your side as well as at your VoIP provider's), possibly enabled SIP ALG/proxy inside the ADSL modem, people enabling siproxd etc.

              To debug VoIP issues, one has to look at packet captures of SIP traffic.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.