On Thu, 2015-02-12 at 21:13 +0000, Tiernan OToole wrote: > Thanks for the tip Chris (Doh!) but tried setting it to UDP and still no > luck... > > --Tiernan > > -----Original Message----- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Chris L > Sent: Thursday 12 February 2015 20:36 > To: pfSense Support and Discussion Mailing List > Subject: Re: [pfSense] Multi-WAN port forwarding > > SIP is UDP, not TCP. > > > On Feb 12, 2015, at 12:33 PM, Tiernan OToole <tier...@tiernanotoole.ie> > > wrote: > > > > Morning all. > > > > I have a question I hope someone can help me with. > > > > I have my PFSense server with 3 WAN connections, load balanced and I need > > to start forwarding ports, specifically SIP ports. I have done port > > forwarding on port 80, and it works grand, but doing the same steps with > > 5060, not so much… > > > > The steps I took was: > > > > Firewall/NAT, Add, interface = WAN1, proto TCP, src addr and port are both > > *, dest = WAN1 address, dst port 5060, nat IP (internal ip of the voip > > box), nat ports 5060 > > > > Did this for each WAN connection and again for other ports… but the VoIP > > firewall checker is still telling me the ports aint open… What am I doing > > wrong? > > > > It works on port 80! Why not SIP?! > > > > Thanks. > > > > --Tiernan
Start by making sure that traffic is actually hitting the rule. Enable logging on the rule and/or run a packet capture on the pfSense box with the interface set to the WAN link, proto UDP port 5060. You could also do a pcap on the LAN interface with the IP of the PBX to see both directions. Install Wireshark obn your PC to look deeply into the pcap (download button) Once you get SIP to work which is usually pretty easy, then you get to diagnose why you get one way audio (RTP). Hopefully that wont happen. Symmetric RTP is your friend here ... Another thing to watch out for is SIP ALGs upstream of the pfSense and making sure that your VoIP system knows its external IP address. Cheers Jon _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
