Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FreePBX and Pfsense

    Scheduled Pinned Locked Moved NAT
    7 Posts 4 Posters 4.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      brandon1767
      last edited by

      I need to have a remote SIP extension for my FreePBX server, but I can't port forward it through my NAT. It worked perfectly on my crappy Linksys router. This does not work, https://doc.pfsense.org/index.php/Asterisk_VoIP, because it for connecting to a PBX outside of the network. So what do I do? I forwarded ports 5060 and 10000, 20000. If someone has this working please tell me your configuration. I really appreciate it!

      Thanks,

      Brandon

      The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards. — Gene Spafford

      1 Reply Last reply Reply Quote 0
      • D
        divsys
        last edited by

        What type of phone/device/pbx is your "remote SIP extension"?

        My first suggestion would be to keep it simple, I wouldn't go down the SIPProx route without exhausting all the other possibilities first.
        If it worked well with a basic Linksys, you likely need a basic NAT setup with perhaps some tweaks under pfSense.

        The other thing to watch for as you're making changes and trying them out, very often you'll need to do a States->Reset or even a full restart at one or the other (or both ends).  SIP can be very cumbersome to troubleshoot as various devices try to adapt to what they "think" your environment requires.  Stable once established, but tricky to get right from scratch.

        On the positive side, I've got more than one setup managing SIP connections through pfSense.  I even have a Voip client on my phone that can connect to my home FreePBX box.

        -jfp

        1 Reply Last reply Reply Quote 0
        • K
          killmasta93
          last edited by

          could you show your NAT rules? I had this problem one time that I had ftp  rule ontop of my SIP rules and it was not connecting

          Tutorials:

          https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

          1 Reply Last reply Reply Quote 0
          • M
            mix_room
            last edited by

            FreePBX and pfSense play nicely. The problem for me was almost always on the FreePBX side.

            Does registration work? Have you forwarded the entire range for RTP-communications, or just the two ports? Did you forward the right protocol RTP needs UDP in the default.

            Did you set the appropriate networks in FreePBX? Often there is some form of deny-setting for remote networks.

            1 Reply Last reply Reply Quote 0
            • B
              brandon1767
              last edited by

              Thanks for the replies everyone!

              I am going to try this and see if it works,

              https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-to

              I am glad to see someone has got it working. When I get home from work I will post my NAT setup and my FreePBX config. Also, my devices are two Gandstream HT701 ATAs and 1 Cisco 7940. They both don't register, but they did before on my Linksys. If it helps, everything works locally. (192.168.x.x)

              Thanks again,

              Brandon

              The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards. — Gene Spafford

              1 Reply Last reply Reply Quote 0
              • B
                brandon1767
                last edited by

                Hey everyone, I attached a screenshot of my SIP NAT rule and FreePBX settings. I can't register at all externally and port checker websites say that the ports are closed.

                Thanks,

                Brandon

                ![Screen Shot 2015-10-30 at 2.15.50 PM.png](/public/imported_attachments/1/Screen Shot 2015-10-30 at 2.15.50 PM.png)
                ![Screen Shot 2015-10-30 at 2.15.50 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-10-30 at 2.15.50 PM.png_thumb)
                ![Screen Shot 2015-10-30 at 2.20.01 PM.png](/public/imported_attachments/1/Screen Shot 2015-10-30 at 2.20.01 PM.png)
                ![Screen Shot 2015-10-30 at 2.20.01 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-10-30 at 2.20.01 PM.png_thumb)
                ![Screen Shot 2015-10-30 at 2.19.32 PM.png](/public/imported_attachments/1/Screen Shot 2015-10-30 at 2.19.32 PM.png)
                ![Screen Shot 2015-10-30 at 2.19.32 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-10-30 at 2.19.32 PM.png_thumb)

                The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards. — Gene Spafford

                1 Reply Last reply Reply Quote 0
                • D
                  divsys
                  last edited by

                  What do you WAN and LAN Firewall->Rules look like?

                  You might try temporarily turning on logging of the rules you think should be applied to see if they are getting triggered at all.

                  As always, try and change one thing at a time and test…...

                  -jfp

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.