1 WAN, Multi LAN, problem with SIP NAT reflection



  • My configuration is a pfSense 2.0.1 x64 running on ESXi5. It has one WAN and 9 LAN interfaces.

    I have enabled NAT with reflection for port 5060 to my local VOIP server on the 3rd LAN interface.

    My internal DNS server has an A record for my VOIP server, and I have created a matching A record pointing to my WAN IP using dynamic DNS.

    My Android handset is connected via wifi on the first LAN interface.

    I am finding that with any SIP client I have tested on my phone, if I specify the server's internal IP on the SIP client, it connects fine.

    Also if I specify the hostname and force the phone to use my internal DNS server.

    However, if I let the phone use an external DNS server, it attempts to register. If I wireshark the VOIP LAN, I can see the packets coming from pfSense to the VOIP server and back.

    However, on the normal/1st LAN which the phone is connected to, I can see the packets from phone to pfSense (to VOIP server), but nothing comes back.

    The bit that baffles me is that the same phone on the same LAN with the same pfSense has no issues accessing my Exchange server on the 9th LAN interface, also using NAT reflection in a similar manner - I can wireshark packets being sent and received on both relevant interfaces.

    Tried deleting/recreating the rule. Even tried installing siproxd between the LAN and VOIP interfaces with no luck.

    This is confusing me as I previously had a very similar setup working fine, except I had fewer LAN interfaces.

