Point to Point video call



  • I'm trying to setup "Polycom RealPresence Desktop" behind a pfsense 2.1.5 on a laptop on the lan with address IPL.

    I have a test address (IPW) to which I can connect and get sound but no video.

    To eliminate NAT problem I setup a NAT rule :

    If      |Proto      | Src.addr |Src.ports | Dest.addr | Dest. ports    | NAT IP | NAT Ports

    WAN | TCP/UDP | IPW      | *          | WAN        | 1024-65535 | IPL      | 1024-65535

    Am'I correct to think that with this rule, my problem is not a NAT problem ?

    BTW: a this time this (IPA) is the only address we need to reach/get called from.



  • Beside the port forwarding rule, you should also make sure you have an allow rule on your WAN allowing the traffic in.  Remember, there are 2 functions going on when the traffic hits the firewall.  It is looking to see exactly what to allow in and to where (port forwards or NAT) and it is looking to see if the traffic is allowed in at all (rules).

    With that port forward, yes, all traffic received from that source IP any port will be forwarded to the internal IP within that port range.  What does the state table say?  Filter by the source IP and check if you actually have inbound translations destined to the internal IP.

    You may need to packet capture and see what is going on in the packet.  You could have a NAT problem but it might not be a firewall NAT problem.  It could also be a NAT issue on the other end…

    I have experience with Polycom phones behind PFSense but I've never used this application, so I don't know what to expect in the messaging.  Perhaps the messaging is trying to setup video using the internal IPs of the devices and not inserting the NAT IP into the headers.

    Hope this helps!


  • Banned

    I hope you are not trying to use H.323 across NAT…



  • @doktornotor:

    I hope you are not trying to use H.323 across NAT…

    In fact yes, that is what I'm trying to do (SIP or H.323)… Definitly not a good idea ?


  • Banned

    H323 is definitely a horrible idea since it won't work at all…



  • You should read this post reading H.323 behind PFSense.

    https://forum.pfsense.org/index.php?topic=54800.0