Thanks. I read several mentions of port randomization and static NAT previously, but I didn't see it happening in the logs.
Wondering about "pfSense Webgui – I have it set for https on port 10443, change it to something you want, but remember stay away from: 80,8443, 5060-5080, 30000-31000." Unless I plan on accessing the sipx box from outside the firewall, why should the webGUI port for pfSense matter? Also, can someone confirm that I'm seeing keepalives below, and whether I can or should disable them once I have a static NAT rule? On Jul 20, 2012, at 19:12 , Tony Graziano wrote: > Read this > > http://blog.myitdepartment.net/?p=37 > > On Jul 20, 2012 9:06 PM, "Tony Graziano" <[email protected]> wrote: > Your outbound Nat type needs to be set for "static port" before your Nat > rules are created. > > On Jul 20, 2012 8:03 PM, "Kurt Albershardt" <[email protected]> wrote: > Forgot to mention that it does not appear to be doing port randomization. > Running tcpdump from the pfSense box itself shows source ports of 5080, which > should effectively open the hole for their inbound UDP: > > 17:47:36.868729 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4 > 17:47:56.875211 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4 > 17:48:16.882387 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4 > 17:48:36.889707 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4 > 17:48:56.896991 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
