Firewall rules for SIP with 1:1 NAT not used

  Hi!

    I have installed an Asterisk-based PBX (FreePBX) behind my pfSense, and while it seems to mostly work, I seem to have a few error messages from time to time which might be related to a non-optimized firewall setup (what appears to be disconnects, timeouts, etc.).

    I have the latest version of pfSense (which is currently 2.2-RELEASE (amd64)).

    I have a subnet that is routed to my WAN, so I have a few virtual IPs; I gave one to my PBX and set up 1:1 NAT.

    I tried to follow doing what I thought would be the appropriate adjustments for 1:1 NAT (essentially transforming that port forward into a firewall rule).

    I wanted to see if this was ending up being used so I asked it to log the traffic handled by that rule and I get absolutely nothing… It looks like no traffic is seen from the SIP servers of my provider to the SIP ports of my PBX...

    What am I doing wrong?

    Is there anything I need to do on the PBX side as well?

    I would also like to give higher priority to anything exchanged between my PBX to/from my VOIP provider, what's the best way to do this?

    Thank you!


  • Dear Nick,

    I think you should troubleshoot your Asterisk functionality.
    It's better to start with netstat -na in the shell or through the web GUI shell interface.
    After that you can start Asterisk manually in the same way as above.
    Lastly, you can use the telnet command from your box (telnet x.x.x.x 5060, if you are using SIP in your Asterisk). Here you should see your traffic log.

    I hope it's useful.
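
Added example, not part of either post above: a way to read the netstat -na output suggested in the reply and see which transport the PBX is bound to on the SIP port before relying on a telnet probe. The function names and the sample output are constructed for illustration; the addresses are documentation ranges.

```shell
#!/bin/sh
# Added example: find sockets bound to the SIP port in `netstat -na` output.

# Constructed sample (Linux column layout); the addresses are made up.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51234      ESTABLISHED
udp        0      0 0.0.0.0:5060            0.0.0.0:*
udp        0      0 0.0.0.0:4569            0.0.0.0:*
EOF
}

# Print "proto local-address" for each socket bound to the port (default 5060).
# Accepts Linux (addr:port) and BSD (addr.port) local-address notation.
sip_listeners() {
    awk -v port="${1:-5060}" '
        $1 ~ /^(tcp|udp)/ {
            n = split($4, parts, /[:.]/)          # port is the last component
            if (parts[n] != port) next
            proto = ($1 ~ /^tcp/) ? "tcp" : "udp"
            # TCP rows also list live connections; keep listening sockets only.
            if (proto == "tcp" && $NF != "LISTEN") next
            print proto, $4
        }'
}

# Succeeds only if something listens on TCP for that port. telnet opens a TCP
# connection, so a telnet probe is informative only when this returns success.
has_tcp_listener() {
    sip_listeners "${1:-5060}" | grep -q '^tcp '
}

sample_netstat | sip_listeners 5060
if sample_netstat | has_tcp_listener 5060; then
    echo "TCP listener present: a telnet probe will connect"
else
    echo "UDP only: a telnet probe cannot reach this socket"
fi
```

On a live system, pipe the real output in instead of the sample: netstat -na | sip_listeners 5060.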

