Netgate Discussion Forum

    Pfsense blocking random inbound SIP Calls….

      zephxiii

      I'm running Asterisk behind pfSense just for an internal IP-PBX. Everything has been working pretty well, except every once in a while pfSense will block an incoming call. I can see the call in my Callcentric call log and see the block in the firewall logs. It seems like 90% of the time calls come in just fine.

      My question is why, and how can I avoid this?

        jimp Rebel Alliance Developer Netgate

        If it's blocking, that means something didn't match up. Either the state for an open connection timed out, in which case you'd want to set the firewall optimization to "conservative" (System > Advanced, Firewall/NAT tab), or your firewall and/or NAT rules aren't quite right.

          zephxiii

          I changed it to conservative last night but it just blocked an incoming call.

          I am not sure how my firewall/NAT rules should be set up. I don't have anything forwarded to the Asterisk box; I didn't think I needed to.

            zephxiii

            Someone mentioned this:

            That's because Callcentric uses DNS SRV and they have a CIDR block. You need to add all of their IPs to your rule; if not, you will get a random IP every so often and your firewall will block those IPs you do not have in place.

            I started with gathering their IP addresses but I am not sure how they should be entered in as a rule.

            Right now i have

            UDP 204.11.192.0/24 * <my inet ip> * * none

            as a rule but one test call didn't come through, and it didn't show up on the firewall now. Like it didn't block it but it wasn't sure where it was supposed to go exactly.

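An added example, not part of the original thread and not pfSense tooling: one way to check whether the blocked calls come from sources outside the 204.11.192.0/24 rule quoted above, or from sources the rule already covers (which points at a cause other than the source list). The log layout, the SIP port 5060, the function name and every address except the /24 are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Source network taken from the rule quoted in the thread.
ALLOWED_SOURCES = [ipaddress.ip_network("204.11.192.0/24")]
SIP_PORT = 5060  # assumption: default SIP signalling port; the thread names none

# Constructed sample in a simplified "date time action proto src:port dst:port"
# layout. This is NOT pfSense's raw filterlog format, and the addresses outside
# 204.11.192.0/24 are documentation-range placeholders.
SAMPLE_LOG = """\
Mar 03 09:14:02 pass udp 204.11.192.23:5060 192.0.2.10:5060
Mar 03 11:40:51 block udp 198.51.100.37:5060 192.0.2.10:5060
Mar 03 11:40:55 block udp 198.51.100.37:5060 192.0.2.10:5060
Mar 03 12:02:17 block tcp 203.0.113.9:44321 192.0.2.10:22
Mar 03 14:30:09 block udp 204.11.192.201:5060 192.0.2.10:5060
Mar 03 15:05:44 block udp 203.0.113.80:5060 192.0.2.10:5060
"""


def classify_blocks(log_text, allowed=ALLOWED_SOURCES, port=SIP_PORT):
    """Split blocked inbound SIP packets by whether the rule covers the source.

    Returns (uncovered, covered): two Counters keyed by source IP.
    uncovered -> source is outside every allowed network (rule is too narrow).
    covered   -> source is inside an allowed network yet was still blocked
                 (look at state timeouts, rule order or NAT instead).
    """
    uncovered, covered = Counter(), Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue  # skip lines that do not match the simplified layout
        action, proto, src, dst = parts[3:7]
        src_ip = src.rpartition(":")[0]
        dst_port = dst.rpartition(":")[2]
        if action != "block" or proto != "udp" or dst_port != str(port):
            continue
        try:
            addr = ipaddress.ip_address(src_ip)
        except ValueError:
            continue  # malformed source address
        bucket = covered if any(addr in net for net in allowed) else uncovered
        bucket[src_ip] += 1
    return uncovered, covered


if __name__ == "__main__":
    uncovered, covered = classify_blocks(SAMPLE_LOG)
    print("blocked, source not in rule:", dict(uncovered))
    print("blocked, source already in rule:", dict(covered))
```
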
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.