I think you need to look into state tracking: https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules
I had an issue like this though with some advanced vpn routing I was doing and pfsense was killing states when I routed more then once. Is that your case? If pfsense cannot track the entire state I think at one point it considers it dead and kills it. I think you want to set State type to "none". Let us know if it works. On Tue, Jan 9, 2018 at 11:01 AM, Giles Coochey <gi...@coochey.net> wrote: > > > On 09-01-2018 15:49, Roberto Carna wrote: >> >> Special thanks to both of you... >> >> With ANY I mean "all TCP and UDP ports". >> >> Maybe when the remote peer sends to my PBX the SIP packet with the SIP >> Options, the response from the PBX is a SIP packet defined as >> ESTABLISHED traffic....and this ESTABLISHED feature is not working or >> not defined in pfSEnse firewall rules ??? Because the SIP response >> packet from PBX to the remote peer is not a new traffic, is an >> established traffic.... >> > > Well, certainly being able to run a packet capture on the PBX will aid your > troubleshooting, at least to see if _any_ packets are being received by the > SIP peer... > > You need to ensure that you _don't_ have siproxd package installed, as this > can interfere with your non-NAT set up. > > > >> Thanks a lot again, regards!!! >> >> 2018-01-09 12:17 GMT-03:00 Giles Coochey <gi...@coochey.net>: >>> >>> On 09/01/2018 14:34, Roberto Carna wrote: >>>> >>>> >>>> Dear, I have an Asterisk PBX in a DMZ behind a pfSense and a remote >>>> peer out of the pfSense. I connect PBX and Peer in order to establish >>>> a SIP trunk. >>>> >>>> In the path "PBX -- pfSense -- SIP trunk peer" there is no NAT at all. >>>> >>>> So we have generated two firewall rules: >>>> >>>> PBX --> SIP Peer with ANY >>>> SIP Peer --> PBX with ANY >>> >>> >>> >>> When you say any, is it a bit unclear, Protocol any? or TCP any, UDP any? >>> >>> Could you elaborate on the exact rules you have set up? >>> >>>> >>>> But often the SIP packets coming from the SIP Peer don't cross the >>>> pfSEnse to PBX. The packets never reach my PBX. >>>> >>>> Is there any feature I have to enable/disable in pfSense in order to >>>> work with SIP protocol to have established the SIP trunk ??? >>>> >>>> The SIP trunk provider tell me that the SIP Options they send me are >>>> not responded by us. >>>> >>>> Thanks a lot, >>>> >>>> ROBERT >>>> _______________________________________________ >>>> pfSense mailing list >>>> https://lists.pfsense.org/mailman/listinfo/list >>>> Support the project with Gold! https://pfsense.org/gold >>> >>> >>> >>> >>> _______________________________________________ >>> pfSense mailing list >>> https://lists.pfsense.org/mailman/listinfo/list >>> Support the project with Gold! https://pfsense.org/gold >> >> _______________________________________________ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold > > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
