I followed the sample config provided by Tony.. I believe the manual
outbound NAT rule as part of that configuration has an outbound
manual NAT rule for entire network. I'll have to validate this
later. My phones and sipx are on their own vlan.
Thanks,
Steve
Appraisal Host Software
781-214-6250
On 2/29/2012 8:35 AM, Michael Picher wrote:
and you've specifically enabled static outbound NAT
for the IP address of the server only (don't do it for the entire
phone network / computer network)?
I can't see how this would work with a checkpoint but not
pfSense.
Thanks.. I have no
issue spending money or time figuring this out however,
I've yet to find anyone that's gotten this to work with a
pfsense firewall and broadvox. I'm open to using another
open source fw as well.
So, if there is anyone on the list that has gotten this to
work (sipx, pfsense fw and broadvox) I'd like to hear from
you. Specifically, my issue is inbound calling. Outbound
works fine.
Steve
On 02/29/2012 07:22 AM, Michael Picher wrote:
Server can only have one NIC
so this is a fail...
What you're trying to do here really isn't that
hard...
If you can't make it work, I'd suggest spending
more time to learn about this stuff and make sure
you have the proper hardware. Or seek help from
somebody who can just set it up for you and make
it work.
Both of which may involve some $... But, there
are only 2 ways to do things.
This probably isn't
specifically a sipx architecture question..
I've been having some issues with NAT, I've
been able to get it to work
with one firewall (that's underpowered) but
not pfsense. I've even gone
so far as to start from scratch going to v1x
of pfsense and following
Tony's postings and importing pieces of Tony's
sample config with no
success. I've even tried IPCOP with same
results.
So, I've decided to abandon the whole NAT
thing and just move the server
to the DMZ. So my question is this, as I have
2 NIC's in my sipx server
can I just add the second IP to the server
(for the DMZ public address)
and then also have the server plugged into the
existing phone (non
routable) network?
Essentially, my phones (all IP) would be
completely segregated with no
access to the Internet or other networks. The
sipx server would have a
connection on that network as they would
obviously need to communicate
with the sipx server.
Are there any issues with this config? Do the
phones need any other
connectivity other than the sipx server, NTP
for example?
