Pfsense blocking random inbound SIP Calls….



  • I'm running Asterisk behind Pfsense just for an internal IP-PBX. Everything has been working pretty well except every once in a while pfsense will block an incoming call. I can see the call in my callcentric call log and see the block in firewall logs. It seems like 90% of the time calls come in just fine.

    My question is why and how can i avoid this?


  • Rebel Alliance Developer Netgate

    If it's blocking, that means something didn't match up. Either the state for an open connection timed out, in which case you'd want to set the firewall optimization to "conservative" (System > Advanced, Firewall/NAT tab), or your firewall and/or NAT rules aren't quite right.



  • I changed it to conservative last night but it just blocked an incoming call.

    I am not sure how my firewall/nat rules should be setup. I don't have anything forwarded to the Asterix box, didn't think i needed to.



  • Someone mentioned this:

    That's because callcentric uses DNS SRV and they have a CIDR block. You need to add all of their IP's to your rule if not you will get a random IP every so often and your Firewall will block those IP's you do not have in place.

    I started with gathering their IP addresses but i am not sure how they should be entered in as a rule.

    Right now i have

    UDP 204.11.192.0/24 * <my inet="" ip="">* * none

    as a rule but one test call didn't come through, and it didn't show up on the firewall now. Like it didn't block it but it wasn't sure where it was supposed to go exactly.</my>


Locked