Port forward for VoIP gateway behind NAT bug



  • I'm on the latest nanobsd on alix and I'm having certain port forward issues

    wan - isp with pppoe, provides dynamic ip
    under nat port forward i have 2 entries with associated firewall rules

    FOR SIP
    if - wan
    source ip and port - any
    destination ip and port - wan and port 5070
    nat ip and port - 192.168.0.176 5070

    FOR RTP
    if - wan
    source ip and port - any
    destination ip and port - wan and port 8102-8200
    nat ip and port - 192.168.0.176 8102-8200

    The device on that LAN IP is a gateway for termination and it accepts calls from my SIP server.

    Now the problem is that the call comes in fine from the SIP server to the device and the device starts terminating also, but the issue is one-way audio: the SIP server can get audio from the device, but the device doesn't get audio from the SIP server on the internet. I checked the firewall log and it seems pfSense passes the packets as they match the second rule, but for some reason the gateway on the LAN isn't getting them, causing one-way audio: audio from LAN to WAN but no audio from WAN to LAN.

    With the first rule, the call is at least able to reach the gateway on the LAN, but the second rule doesn't seem to work as intended. The system log shows it as pass, but it seems it's not passing it to the gateway.

    In my setup, there is no SIP register involved. The gateway on my LAN uses STUN to find out its public IP and route packets back to the SIP server, and the gateway allows termination if calls come from my SIP server. The only issue is that, in spite of the port forward, the RTP from the SIP server doesn't reach the gateway, but audio from the gateway to the SIP server is sent just fine.



  • The config is the same as this: http://griffeltavla.wordpress.com/2011/07/30/pfsense-2-0-port-forwarding/

    When I replace pfSense with an Asus router, I get 2-way audio when port forwarded the same way, same ports.



  • Pretty much guaranteed that's not a bug, it's a config problem on the PBX usually (need proper externip with Asterisk, similar settings on other PBXes). Rarely, rewriting the source port on the RTP will cause one way audio.


  • Delete the NAT and rules associated with this and change this "destination ip and port - wan and port 5070" to "destination ip and port - wan and port 5060"

    Still do the NAT to 5070 internally…



  • @cmb:

    Pretty much guaranteed that's not a bug, it's a config problem on the PBX usually (need proper externip with Asterisk, similar settings on other PBXes). Rarely, rewriting the source port on the RTP will cause one way audio.

    As I mentioned, the gateway on the LAN is using STUN to find out its external IP and uses that in the SIP and RTP packets which it sends out to the SIP server, so there isn't any config issue on the gateway. The signalling from WAN to LAN and LAN to WAN works just fine and audio also travels from LAN to WAN, but it's audio from WAN to LAN. The rule I created for RTP gets triggered and the system log also shows packets which it says it passed, but something goes wrong.

    I read on other older threads that pfSense does some rewriting for VoIP, but my ports are non-standard: 5070 for SIP and 8102-8200 for RTP. These are set up in the gateway.



  • @Supermule:

    Delete the NAT and rules associated with this and change this "destination ip and port - wan and port 5070" to "destination ip and port - wan and port 5060"

    Still do the NAT to 5070 internally…

    So you mean to say I change the destination IP and port to WAN and 5060?

    The problem related to this is I have 3 such gateways and many more devices on my LAN, so there is no way I can use 5060 on WAN because probably it's being used by any of the other VoIP equipment.



  • Let me bring to notice that the gateway is a GSM gateway for termination, and when calls from GSM to SIP are initiated from LAN to WAN, those work perfectly with 2-way audio. The issue is for the calls that come in from WAN.

    Same gateway, same ports, and I use an Asus SOHO router with the same ports open on it and it works flawlessly for all calls from GSM to SIP and SIP to GSM.



  • This got solved. Actually, if you use VoIP other than non standard ports such as 5060 then pfSense seems to rewrite the ports, which breaks VoIP. To solve this you need to enable manual Advanced Outbound NAT, and with the default rules it adds you can add your own entry for the VoIP port you use with the static port tick box ticked, or you can edit the "Auto created rule for LAN to WAN" rule and tick static port in it.



  • Glad you found the issue. As I said above, in rare circumstances, rewriting the source port on RTP will cause one way audio. The vast majority of the time, that's fine.
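
What the static port fix from this thread looks like as pf rules, given as an added example: it is written for this page, not posted by anyone in the thread and not a dump of the ruleset pfSense generates. The interface name `pppoe0`, the LAN subnet `192.168.0.0/24` and UDP as the transport are assumptions; the host address and ports are the ones from the first post.

```pf
# Added illustration in pf.conf (FreeBSD pf) syntax.
# Assumptions: WAN is pppoe0, LAN is 192.168.0.0/24, SIP and RTP run over UDP.
ext_if  = "pppoe0"
lan_net = "192.168.0.0/24"
gsm_gw  = "192.168.0.176"      # GSM gateway from the thread

# Inbound port forwards from the first post. No port after the target address
# means the destination port is left unchanged.
rdr on $ext_if inet proto udp from any to ($ext_if) port 5070      -> $gsm_gw
rdr on $ext_if inet proto udp from any to ($ext_if) port 8102:8200 -> $gsm_gw

# BEFORE: a single outbound rule for the whole LAN. Without static-port, pf
# picks a new source port for each outbound flow, so RTP that leaves the
# gateway from a port in 8102-8200 reaches the SIP server from another port.
#nat on $ext_if inet from $lan_net to any -> ($ext_if)

# AFTER: translation rules are first-match, so the host-specific static-port
# rule has to come before the general LAN rule. Scoping it to the gateway
# keeps source-port rewriting for every other LAN host. With static-port, two
# LAN hosts cannot use the same source port toward the same remote endpoint
# at the same time, which matters when several gateways share a port range.
nat on $ext_if inet proto udp from $gsm_gw to any -> ($ext_if) static-port
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Filter rules associated with the two forwards. rdr is applied before
# filtering, so the destination here is already the internal address.
pass in quick on $ext_if inet proto udp from any to $gsm_gw port 5070
pass in quick on $ext_if inet proto udp from any to $gsm_gw port 8102:8200
```

On a running system, `pfctl -sn` lists the loaded translation rules and `pfctl -ss` lists the state table, where the WAN-side source port of the gateway's flows can be compared with the port it uses on the LAN.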

