Re: [pfSense] pfSense and SIP

Tue, 09 Jan 2018 23:20:48 -0800 

Roberto,
I run an asterisk behind a pfSense 2.2.6 NAT and to make the scenario you've described work, I have to do port forwarding and I allow the firewall to generate to corresponding rules. I fought and fought and finally just let the firewall do it's thing and let go of a degree of controlĀ  Works fine, lasts a long time. 



On 01/09/2018 07:49 AM, Roberto Carna wrote:

you're describeSpecial thanks to both of you...

With ANY I mean "all TCP and UDP ports".

Maybe when the remote peer sends to my PBX the SIP packet with the SIP
Options, the response from the PBX is a SIP packet defined as
ESTABLISHED traffic....and this ESTABLISHED feature is not working or
not defined in pfSEnse firewall rules ??? Because the SIP response
packet from PBX to the remote peer is not a new traffic, is an
established traffic....

Thanks a lot again, regards!!!

2018-01-09 12:17 GMT-03:00 Giles Coochey <gi...@coochey.net>:

On 09/01/2018 14:34, Roberto Carna wrote:

Dear, I have an Asterisk PBX in a DMZ behind a pfSense and a remote
peer out of the pfSense. I connect PBX and Peer in order to establish
a SIP trunk.

In the path "PBX -- pfSense -- SIP trunk peer" there is no NAT at all.

So we have generated two firewall rules:

PBX --> SIP Peer with ANY
SIP Peer --> PBX with ANY


When you say any, is it a bit unclear, Protocol any? or TCP any, UDP any?

Could you elaborate on the exact rules you have set up?


But often the SIP packets coming from the SIP Peer don't cross the
pfSEnse to PBX. The packets never reach my PBX.

Is there any feature I have to enable/disable in pfSense in order to
work with SIP protocol to have established the SIP trunk ???

The SIP trunk provider tell me that the SIP Options they send me are
not responded by us.

Thanks a lot,

ROBERT
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold



_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold



_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold





















					Reply via email to