Seven H.323 devices behind 1 public IP

  • Is this even possible? I have cerated NAT Port Forward rules and everything works if I only have 1 videoconference unit online. If I connect additional devices = sound issues, content sharing issues and so on.

    When looking at Firewall Logs, I see that traffic is passed, but it passes traffic to the other H.323 devices too. I have created an Alias with all Cisco/Tandberg units on NAT Port Forward.

    I have configured different RTP Port Ranges on Cisco/Tandberg but no luck… I have port forwarded all the ports needed and NAT Mode is ON for all my H.323 devices.

    If I NAT 1:1 the second unit on another Virtul IP (public) - it works. But since I have 7 units, I don't have that many public IPs...

    Is it possible to have multiple H.323 devices behind 1 public IP? If yes, what am I doing wrong?

  • You need an h.323 proxy which pfsense doesn't have.

  • Well, I seem to have solved this issue.

    When I had one Alias containing all the Tandberg/Cisco units and allowing all the port ranges - it got messed up. I thought that the devices + pfSense would solve it on their own = port forward RTP ranges to the specific device having those RTP ports configured..

    I have now solved it like this in pfSense:
    Unit 1 =
    Port Range: 2000 - 2200
    Public IP:

    Unit 2 =
    Port Range: 2400 - 2600
    Public IP:

    And so on… It seems to work. Don't know if this will work forever but it seems OK now.

    Feedback is always welcomed :)

  • You should be good actually, i misread and didn't see where you had specified the ports on each device.
    In that case a proxy is not needed. Its when it's using dynamic port ranges that it has issues.

Log in to reply