PfSense and Asterisk and SIP trunks not working

  • No, not "that ol' question" type of post. I'm posting for posterity's sake and hopefully so someone else does not have the same problem.

    I've had pfSense running for just over a month now (geek-home use) and been very happy with it and the rather interesting learning curve.
    I got my Asterisk (on LAN) setup and working quite easily and outbound trunks functioned without anything special or any hassle.

    All of a sudden I noticed the trunks no longer connected. As I only make use of the trunks a few times a month I don't know when they actually broke.
    I've spent about 3 days (evenings, weekends etc) trying to work it out.
    Tried siproxd - nudda
    Tried sniffing the traffic, did not help (see requests going, nothing returned)
    Spoke to hosting company - they said nothing has changed
    Basically just poking it hoping I would find the problem. Networking being a side-show for me, this is all I can do.

    I stumbled across a post where a guy had a HP switch which was swallowing packets. It turned out, he found some 40 hours later, that the switch decided the when a packet had a source and destination port that matched it must be a DoS attack and dropped them.
    Ta-Daaaa when the lights in my head; I had installed Snort a few weeks back.
    Off I go and sure enough, snort has decided these are all very very bad packets and swallowing them hence the inability of my Asterisk box to register the trunks.
    Turn off snort and voila, all trunks spring to life.  No to configure snort properly…

    Would it not be a good idea to make Snort's logs (dropped, error etc) push into the system log? It seems better to have a single source of what is dropped etc. Just a suggestion.

    Posting this in the hopes that it helps someone else... Please move if there is a more adequate place.


  • Yes - Snort will often just protect you to death…

    I often recommend it to people I really dislike.

Log in to reply