Traffic blocked despite allow rule - how to dig deeper?



  • Hi Everyone,

I have a problem with NAT/Firewall which blocks an IP that it shouldn't. I have set the rules to ALLOW as follows through NAT/Firewall:

    NAT:
    -----------------------------

    Interface  Proto  Source Address   Source Ports   Dest. Address  Dest. Ports  NAT IP       NAT Ports   Description
    WAN        UDP    209.209.209.209  *              22.22.22.22    5060 (SIP)   192.168.0.5  5060 (SIP)  SIP-Server-SIP
    WAN        UDP    209.209.209.209  10000 - 20000  22.22.22.22    5060 (SIP)   192.168.0.5  10000       SIP-Server-RTP

    Firewall:
    -----------------------------

    Proto  Source           Port           Destination  Port        Gateway  Queue  Schedule  Description
    UDP    209.209.209.209  *              192.168.0.5  5060 (SIP)  *        none             NAT SIP-Server-SIP
    UDP    209.209.209.209  10000 - 20000  192.168.0.5  10000       *        none             NAT SIP-Server-RTP

    System Logs > Firewall Logs:
    -----------------------------

    Time            Interface  Source                 Destination        Proto
    Aug 4 17:34:22  WAN        209.209.209.209:10648  22.22.22.22:12706  UDP
    Aug 4 17:34:22  WAN        209.209.209.209:15418  22.22.22.22:11802  UDP

    Why is that happening? As you can see above, I have allowed SIP UDP 5060 and the RTP UDP port range 10000-20000 to be NATed to 192.168.0.5, and the firewall rule shows it open as well. But then the firewall log shows ports 12706 and 11802 blocked. Those ports fall within 10000-20000. Why are they blocked? How can I dig deeper?

    Legends:
    SIP-Server LAN IP = 192.168.0.5
    SIP-Server Public IP Address (Set as Virtual IP in pfSense): 22.22.22.22
    VoIP Service Provider Public IP: 209.209.209.209

    Much appreciated,



  • My issue was in NAT of port range:

    Interface  Proto  Source Address   Source Ports   Dest. Address  Dest. Ports    NAT IP       NAT Ports      Description
    WAN        UDP    209.209.209.209  10000 - 20000  22.22.22.22    10000 - 20000  192.168.0.5  10000 - 20000  SIP-Server-RTP

    Lesson learned: don't rely on from port only. Add from and to.
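    To show why the original RTP forward never matched, here is a small added model of how a port-forward rule is evaluated against an inbound packet (illustration written for this thread, not pfSense code). The rule tuples mirror the two NAT configurations posted above, the packets are copied from the posted firewall log, and the `PortForward` class and `forwarded()` helper are assumed names.

```python
# Toy model of port-forward rule matching. Added illustration, not pfSense code.
from dataclasses import dataclass

def parse_ports(spec):
    """Turn a port column ('*', '5060', '10000 - 20000') into an inclusive range."""
    spec = spec.strip()
    if spec == "*":
        return (1, 65535)
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-"))
        return (lo, hi)
    return (int(spec), int(spec))

@dataclass(frozen=True)
class PortForward:  # hypothetical name; columns follow the NAT table in the thread
    proto: str
    src_addr: str
    src_ports: str
    dst_addr: str
    dst_ports: str
    nat_ip: str
    desc: str

    def matches(self, proto, src_addr, src_port, dst_addr, dst_port):
        # Every column must match. The source-port range and the destination-port
        # range are independent checks: a range on one says nothing about the other.
        slo, shi = parse_ports(self.src_ports)
        dlo, dhi = parse_ports(self.dst_ports)
        return (proto == self.proto and src_addr == self.src_addr
                and dst_addr == self.dst_addr
                and slo <= src_port <= shi and dlo <= dst_port <= dhi)

# Packets copied from the posted firewall log: (proto, src, sport, dst, dport)
LOGGED = [("UDP", "209.209.209.209", 10648, "22.22.22.22", 12706),
          ("UDP", "209.209.209.209", 15418, "22.22.22.22", 11802)]

# Original RTP rule: the range sits only on the source ports, destination fixed at 5060
ORIGINAL_RTP = PortForward("UDP", "209.209.209.209", "10000 - 20000",
                           "22.22.22.22", "5060", "192.168.0.5", "SIP-Server-RTP")
# Corrected rule from the follow-up post: the range is on the destination ports too
FIXED_RTP = PortForward("UDP", "209.209.209.209", "10000 - 20000",
                        "22.22.22.22", "10000 - 20000", "192.168.0.5", "SIP-Server-RTP")

def forwarded(rule, packets=LOGGED):
    """Return the destination ports of the packets the rule would forward."""
    return [p[4] for p in packets if rule.matches(*p)]

if __name__ == "__main__":
    print("original:", forwarded(ORIGINAL_RTP))  # [] -> no match, default deny logs the drop
    print("fixed:   ", forwarded(FIXED_RTP))     # [12706, 11802]
```

    Both logged source ports (10648 and 15418) do fall inside 10000-20000, so the source-port check passes; it is the destination-port check against 5060 that fails, which is why the block shows up in the log with no matching allow.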

