Inbound SIP Traffic

NAT
Log in to reply
  • V

    I have a router in place that has a network dedicated to the phones

    Let's say, 192.168.2.1

    I have noticed lately that the SIP provider's IP has been sending traffic to our network, source port 5060 but the destination port is random.

    All the phones connect to a service provider. There is no SIP server on site.

    My question is how do I handle that incoming SIP traffic. The phones seem to work but I believe some of the traffic is being dropped when it should not be. The firewall shows the traffic being stopped in the logs. Source IP, source port 5060 to destination IP (DSL) destination port is random.

    I have a NAT for SIP traffic as shown in https://doc.pfsense.org/index.php/VoIP_Configuration

    But that's for outgoing traffic, what about the incoming?

    0
  • KOM

    The VoIP phones initiate a state to the server end and keep it alive.  That's how the incoming calls can get through the firewall.  Are you sure you're not just seeing out of state traffic being blocked?

    0
  • V

    It is possible but the source address is the provider's address.

    0
  • Derelict
    LAYER 8 Netgate

    Of course it is. That's where the packets are coming from.

    0
  • V

    Exactly, and if there are packets coming from the provider there's likely a reason for it, question is why are they being dropped?

    0
  • chpalmer

    My provider has been doing this as well lately.  Traffic should be showing up as the LAN address  172.16.15.25  but this traffic shows up with the WAN address actually from the same server we register on and one other that we don't use that they own.

    It doesn't affect my use of the phones and if I wasn't seeing it in the logs we would never even know it happens.

    0
  • V

    I'll keep an eye on it, I just thought it weird and made me think that some traffic that should be getting through wasn't.

    0
  • KOM

    question is why are they being dropped?

    Could be due to an active state timing out and the connection being torn down on the pfSense end?  Unless you're actually having problems, I wouldn't worry about it.  If you are having an issue, explain and maybe we can track it down.  A lot of issues with VoIP phones can be due to a lack of traffic shaping that prioritizes your SIP traffic on a busy network, or latency issues with your VoIP provider.

    0
  • V

    I think you're right. I've been watching the logs and everything looks good now. I think there was an alert that triggered the blocking of the SIP provider which also caused further traffic to be dropped. I'm not sure which rule caused the blocked at this time but I am keeping an eye on it. I tried whitelisting an alias which contains a list of IPs that we frequent but snort throws a fit with the alias whitelisted.

    Anyhow, it seems to be working atm, but I am watching it. Thanks for replying.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy