Re: [pfSense] Voipo

2014-12-22 Thread J. Echter
Am 22.12.2014 um 00:17 schrieb Brian Caouette:


 *From:* DJ-BrianC djbrianc...@gmail.com mailto:djbrianc...@gmail.com
 *Date:* December 21, 2014 at 5:43:19 PM EST
 *To:* pfSense Support and Discussion Mailing List
 list@lists.pfsense.org mailto:list@lists.pfsense.org
 *Subject:* *Voipo*

 Has anyone had success with Voipo and pfSense? I'm not sure if this
 is a pf issue or their issue but out going calls work fine. Incoming
 are very spotty and fail most of the time. I've port forwarded the
 ports as marked here: http://www.voip-info.org/wiki/view/NAT+and+VOIP

 Suggestions?

 Sent from my iPad


 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list
Hi,

try this:

Firewall - NAT - Outbound

click Manual Outbound NAT rule generation

add this mapping:

Interface = WAN
Source = your  voip server for example 192.168.3.2/32
Source Port = udp/*
Destination = IP of your provider
Destination Port udp/*
NAT Address = WAN address
NAT PORT = *
Static Port = yes

this works for us, and you don't need the port forwarding anymore.

greetings

juergen
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Voipo

2014-12-22 Thread Jens Tautenhahn

Has anyone had success with Voipo and pfSense? I'm not sure if this is
a pf issue or their issue but out going calls work fine. Incoming are
very spotty and fail most of the time. I've port forwarded the ports
as marked here: http://www.voip-info.org/wiki/view/NAT+and+VOIP


Have you tried siproxd? Siproxd sets port forwarding and firewall rules 
dynamically. With siproxd it is possible to use multiple SIP devices 
behind pfSense.

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] FQDN alias update failure

2014-12-22 Thread Renato Botelho
 On Dec 19, 2014, at 18:07, Volker Kuhlmann list0...@paradise.net.nz wrote:
 
 pf tables can be populated from FQDNs through pfsense aliases. However
 the FQDNs are not re-evaluated and pf tables are not updated after
 applying changes to the aliases or filter rules, creating confusion when
 setting up rules. The update only happens eventually when the filterdns
 background process gets around to it.

Every time alias is changed, a HUP signal is sent do filterdns [1], and it 
triggers it to read config again and update aliases.

 Is there a way to run a command that does an update immediately, while
 the problem is being fixed?
 
 filterdns is run as
 
 /usr/local/sbin/filterdns -p /var/run/filterdns.pid -i 300 -c 
 /var/etc/filterdns.conf -d 1
 
 and expects a config file as minimum argument.
 
 However it always starts up a new instance that keeps running. Is it
 possible to tell it to terminate after one update iteration, or do I
 need to write a script that kills it after 10 seconds? Thanks.

Could you let me know the steps to have multiple filterdns instances running? I 
couldn’t reproduce it here.

[1] https://github.com/pfsense/pfsense/blob/RELENG_2_2/etc/inc/filter.inc#L394
--
Renato Botelho

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Voipo

2014-12-22 Thread Brian Caouette
Does this affect any other port forwards?

Sent from my iPad

 On Dec 22, 2014, at 3:14 AM, J. Echter j.ech...@echter-kuechen-elektro.de 
 wrote:
 
 Am 22.12.2014 um 00:17 schrieb Brian Caouette:
 
 
 From: DJ-BrianC djbrianc...@gmail.com
 Date: December 21, 2014 at 5:43:19 PM EST
 To: pfSense Support and Discussion Mailing List list@lists.pfsense.org
 Subject: Voipo
 
 Has anyone had success with Voipo and pfSense? I'm not sure if this is a pf 
 issue or their issue but out going calls work fine. Incoming are very 
 spotty and fail most of the time. I've port forwarded the ports as marked 
 here: http://www.voip-info.org/wiki/view/NAT+and+VOIP
 
 Suggestions?
 
 Sent from my iPad
 
 
 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list
 Hi,
 
 try this:
 
 Firewall - NAT - Outbound
 
 click Manual Outbound NAT rule generation
 
 add this mapping:
 
 Interface = WAN
 Source = your  voip server for example 192.168.3.2/32
 Source Port = udp/*
 Destination = IP of your provider
 Destination Port udp/*
 NAT Address = WAN address
 NAT PORT = *
 Static Port = yes
 
 this works for us, and you don't need the port forwarding anymore.
 
 greetings
 
 juergen
 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Voipo

2014-12-22 Thread Brian Caouette
I have not but its worth a shot.

Sent from my iPad

On Dec 22, 2014, at 4:21 AM, Jens Tautenhahn sho...@tausys.de wrote:

 Has anyone had success with Voipo and pfSense? I'm not sure if this is
 a pf issue or their issue but out going calls work fine. Incoming are
 very spotty and fail most of the time. I've port forwarded the ports
 as marked here: http://www.voip-info.org/wiki/view/NAT+and+VOIP
 
 Have you tried siproxd? Siproxd sets port forwarding and firewall rules 
 dynamically. With siproxd it is possible to use multiple SIP devices behind 
 pfSense.
 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] FQDN alias update failure

2014-12-22 Thread Volker Kuhlmann
On Tue 23 Dec 2014 00:30:39 NZDT +1300, Renato Botelho wrote:

 Every time alias is changed, a HUP signal is sent do filterdns [1],
 and it triggers it to read config again and update aliases.

Thanks for the tip. However a

  kill -HUP `cat /var/run/filterdns.pid`

doesn't seem to cause an immediate update of aliases. filterdns seems to
wait until the end of the current interval before doing anything. It
would do the same with sending HUP (changing aliases as already done
that).

 Could you let me know the steps to have multiple filterdns instances
 running? I couldn’t reproduce it here.

Trivial, just run it:

  /usr/local/sbin/filterdns -p /var/run/filterdns.pid -i 300 -c 
/var/etc/filterdns.conf -d 1

This incantation is run by pfsense. Doing the same from the command line
starts up a new instance of filterdns each time. It also updates aliases
immediately.

Volker

-- 
Volker Kuhlmann
http://volker.top.geek.nz/  Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Voipo

2014-12-22 Thread J. Echter
nope

Am 22.12.2014 um 13:15 schrieb Brian Caouette:
 Does this affect any other port forwards?

 Sent from my iPad

 On Dec 22, 2014, at 3:14 AM, J. Echter
 j.ech...@echter-kuechen-elektro.de
 mailto:j.ech...@echter-kuechen-elektro.de wrote:

 Am 22.12.2014 um 00:17 schrieb Brian Caouette:


 *From:* DJ-BrianC djbrianc...@gmail.com
 mailto:djbrianc...@gmail.com
 *Date:* December 21, 2014 at 5:43:19 PM EST
 *To:* pfSense Support and Discussion Mailing List
 list@lists.pfsense.org mailto:list@lists.pfsense.org
 *Subject:* *Voipo*

 Has anyone had success with Voipo and pfSense? I'm not sure if this
 is a pf issue or their issue but out going calls work fine.
 Incoming are very spotty and fail most of the time. I've port
 forwarded the ports as marked here:
 http://www.voip-info.org/wiki/view/NAT+and+VOIP

 Suggestions?

 Sent from my iPad


 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list
 Hi,

 try this:

 Firewall - NAT - Outbound

 click Manual Outbound NAT rule generation

 add this mapping:

 Interface = WAN
 Source = your  voip server for example 192.168.3.2/32
 Source Port = udp/*
 Destination = IP of your provider
 Destination Port udp/*
 NAT Address = WAN address
 NAT PORT = *
 Static Port = yes

 this works for us, and you don't need the port forwarding anymore.

 greetings

 juergen
 ___
 List mailing list
 List@lists.pfsense.org mailto:List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list


 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] Very slow traffic from other VM's through pfSense on XenServer

2014-12-22 Thread Morten Christensen


Den 20-12-2014 23:33, Morten Christensen skrev:
I have 2 XenServers, 1 with XenServer 6.2 and one with Xenserver 
Creedence beta 3.


Both have a pfSense 2.2 RC as router/firewall and a couple of Ubuntu 
Linux VM's and a windows-VM.


Traffic through both the physical xenserver-box and the virtual 
pfSense firewall goes at expected speeds.
But traffic from the other VM's on the same server through the pfSense 
out on wan/internet goes very, very slow.

It goes so bad they cannot update themselve with apt-get.

When I try with iperf from a linux VM through the pfSense's WAN the 
speed is 3,82 KBits/sec.
The VM's and pfSense are connected with an internal single-server 
network (as OPT1), and tests to iperf server run on pfSense from a 
linux VM shows gigabit-speed.


One of the pfSense' has xen-tools installed. The other has not. I 
cannot se improvements with the tools installed.


One of my XenServers can get several public IP'numbers. On that I now 
have installed VM's with both an IPCop firewall and a Zentyal firewall.
When one of those new firewall-VMs' is default gateway for the ordinary 
VM's on the XenServer, their wan/internet-speed is normal.


So it must be a configuration-problem om pfSense.

Still no ideas how to find the problem ?


--
Morten Christensen
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] Voipo

2014-12-22 Thread Ryan Rodrigue
I have and it works great.  I did my port forwarding and I think I also had to 
check the box for static port on the outbound nat rule.  I will look at my 
rules when I get home tonight to see what I did.

From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Brian Caouette
Sent: Sunday, December 21, 2014 5:17 PM
To: pfSense Support and Discussion Mailing List
Subject: [pfSense] Voipo



From: DJ-BrianC djbrianc...@gmail.commailto:djbrianc...@gmail.com
Date: December 21, 2014 at 5:43:19 PM EST
To: pfSense Support and Discussion Mailing List 
list@lists.pfsense.orgmailto:list@lists.pfsense.org
Subject: Voipo
Has anyone had success with Voipo and pfSense? I'm not sure if this is a pf 
issue or their issue but out going calls work fine. Incoming are very spotty 
and fail most of the time. I've port forwarded the ports as marked here: 
http://www.voip-info.org/wiki/view/NAT+and+VOIP

Suggestions?

Sent from my iPad
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] Today's Infoworld Deep End column

2014-12-22 Thread Walter Parker
Just thought I'd note that Paul Venezia, who does the Deep End column for
Infoworld, just gave a positive heads up to pfSense and the APU1 DIY kit
from Netgate.

http://www.infoworld.com/article/2861574/network-security/you-should-be-running-pfsense-firewall.html


Walter

-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list