Re: [pfSense] Lightsquid
On 2015-02-12 21:13, Jim Pingle wrote:
> I missed a step, it should be:
>
> * Uninstall lightsquid
> * rm -rf /usr/local/lib/perl5
> * rm -rf /usr/local/etc/lightsquid
> * rm -rf /usr/local/www/lightsquid
> * rm /usr/local/bin/perl
> * rm /usr/bin/perl
> * Reinstall lightsquid

Thanks for the instructions. LightSquid now works again on my pfSense box although proxy state still doesn't as reported in https://redmine.pfsense.org/issues/3936

--
Igor Živković
http://www.slashtime.net/

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Multi-WAN port forwarding
On Thu, 2015-02-12 at 21:13 +, Tiernan OToole wrote:
> Thanks for the tip Chris (Doh!) but tried setting it to UDP and still no luck...
>
> --Tiernan
>
> -----Original Message-----
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Chris L
> Sent: Thursday 12 February 2015 20:36
> To: pfSense Support and Discussion Mailing List
> Subject: Re: [pfSense] Multi-WAN port forwarding
>
> SIP is UDP, not TCP.
>
> On Feb 12, 2015, at 12:33 PM, Tiernan OToole tier...@tiernanotoole.ie wrote:
>
> Morning all. I have a question I hope someone can help me with. I have my PFSense server with 3 WAN connections, load balanced and I need to start forwarding ports, specifically SIP ports. I have done port forwarding on port 80, and it works grand, but doing the same steps with 5060, not so much…
>
> The steps I took were: Firewall/NAT, Add, interface = WAN1, proto TCP, src addr and port are both *, dest = WAN1 address, dst port 5060, nat IP (internal ip of the voip box), nat ports 5060
>
> Did this for each WAN connection and again for other ports… but the VoIP firewall checker is still telling me the ports ain't open…
>
> What am I doing wrong? It works on port 80! Why not SIP?!
>
> Thanks.
>
> --Tiernan

Start by making sure that traffic is actually hitting the rule. Enable logging on the rule and/or run a packet capture on the pfSense box with the interface set to the WAN link, proto UDP port 5060. You could also do a pcap on the LAN interface with the IP of the PBX to see both directions. Install Wireshark on your PC to look deeply into the pcap (download button).

Once you get SIP to work, which is usually pretty easy, then you get to diagnose why you get one way audio (RTP). Hopefully that won't happen. Symmetric RTP is your friend here ...

Another thing to watch out for is SIP ALGs upstream of the pfSense and making sure that your VoIP system knows its external IP address.

Cheers
Jon
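The last point in the reply above (the VoIP system knowing its external IP address) can be checked from the same packet capture. The following is an added example, not part of the original thread: it scans one SIP message for RFC 1918 addresses in the fields a remote peer uses to send replies and audio. The sample INVITE, every address in it, and the function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges only; ipaddress.is_private is broader and would also flag
# the documentation addresses used in the constructed sample below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Fields a remote peer reads to decide where to send replies and audio.
CHECKED = ("via:", "contact:", "o=", "c=")

# Constructed sample (not from the thread): an INVITE from a PBX that still
# advertises its LAN address. 203.0.113.10 stands in for the WAN address.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:100@198.51.100.7 SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK776a;rport",
    "From: <sip:200@203.0.113.10>;tag=1928",
    "Call-ID: a84b4c76e66710",
    "Contact: <sip:200@192.168.1.50:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 0 0 IN IP4 192.168.1.50",
    "c=IN IP4 192.168.1.50",
    "m=audio 9000 RTP/AVP 0 8",
    "",
])

def is_rfc1918(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # e.g. 999.1.1.1 matched by the loose regex
        return False
    return any(addr in net for net in RFC1918)

def private_addresses(message):
    """Return (field, address) pairs where a LAN address is advertised."""
    found = []
    for line in message.splitlines():
        field = next((f for f in CHECKED if line.lower().startswith(f)), None)
        if field:
            found += [(field.rstrip(":="), ip)
                      for ip in IPV4.findall(line) if is_rfc1918(ip)]
    return found

def media_ports(message):
    """Return the RTP ports offered in SDP m= lines."""
    return [int(p) for p in re.findall(r"^m=\w+ (\d+) ", message, re.M)]

if __name__ == "__main__":
    print(private_addresses(SAMPLE_INVITE), media_ports(SAMPLE_INVITE))
```

If a WAN-side capture still shows a LAN address in these fields, the port forward can be correct and calls will still fail or have one-way audio, because the far end is told to answer an unroutable address.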
Re: [pfSense] Multi-WAN port forwarding
Right... So after a bit of digging, I found the following from my VoIP Server provider:

http://www.3cx.com/blog/voip-howto/pfsense-firewall/

They walked me through setting up the firewall rules, and port preservation, which worked to an extent... originally, no traffic was hitting the required ports (5060, 5090 and 9000-9099) but now it is... It's still getting blocked somewhere, but at least it’s a start! Now more digging!

--Tiernan

> -----Original Message-----
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jon Gerdes
> Sent: Friday 13 February 2015 13:57
> To: list@lists.pfsense.org
> Subject: Re: [pfSense] Multi-WAN port forwarding
>
> Start by making sure that traffic is actually hitting the rule. Enable logging on the rule and/or run a packet capture on the pfSense box with the interface set to the WAN link, proto UDP port 5060. You could also do a pcap on the LAN interface with the IP of the PBX to see both directions. Install Wireshark on your PC to look deeply into the pcap (download button).
>
> Once you get SIP to work, which is usually pretty easy, then you get to diagnose why you get one way audio (RTP). Hopefully that won't happen. Symmetric RTP is your friend here ...
>
> Another thing to watch out for is SIP ALGs upstream of the pfSense and making sure that your VoIP system knows its external IP address.
>
> Cheers
> Jon
Re: [pfSense] Multi-WAN port forwarding
What VOIP platform is it? We have successfully implemented firewall allow rules for our Digium Switchvox PBX using PfSense. We might have similar rule set requirements if that helps at all.

On 02/13/2015 01:01 PM, Tiernan OToole wrote:
> Right... So after a bit of digging, I found the following from my VoIP Server provider:
>
> http://www.3cx.com/blog/voip-howto/pfsense-firewall/
>
> They walked me through setting up the firewall rules, and port preservation, which worked to an extent... originally, no traffic was hitting the required ports (5060, 5090 and 9000-9099) but now it is... It's still getting blocked somewhere, but at least it’s a start! Now more digging!
>
> --Tiernan

--
Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 1131
Mobile 402-765-8010
Re: [pfSense] Multi-WAN port forwarding
I am running 3CX with PFSense in several installations. Are you using Advanced Outbound NAT with static mappings to your PBX? I usually need to do this for SIP (UDP:5060) stun (UDP:5090) and RTP (UDP:9000-9050) in order to make the 3CX firewall checker happy.

On Feb 13, 2015 4:02 PM, Tiernan OToole tier...@tiernanotoole.ie wrote:
> I'm using 3CX, and it seems their firewall rule checker is a bit weird... I have managed to get some outgoing calls working by skipping the firewall checker... Still trying to configure incoming calls... but any help would be appreciated!
>
> Thanks.
>
> --Tiernan
Re: [pfSense] Multi-WAN port forwarding
I'm using 3CX, and it seems their firewall rule checker is a bit weird... I have managed to get some outgoing calls working by skipping the firewall checker... Still trying to configure incoming calls... but any help would be appreciated!

Thanks.

--Tiernan

> -----Original Message-----
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Spencer
> Sent: Friday 13 February 2015 20:44
> To: list@lists.pfsense.org
> Subject: Re: [pfSense] Multi-WAN port forwarding
>
> What VOIP platform is it? We have successfully implemented firewall allow rules for our Digium Switchvox PBX using PfSense. We might have similar rule set requirements if that helps at all.