Chris Bagnall wrote:
I have an asterisk server that is working mostly with SIP clients
behind NAT. I'd like to put this asterisk server behind the PfSense to
benefit from QoS and added security, packages, etc. However, I just
tested and I can't make it work with more than 2 clients at the time
(using 1-to-1 NAT).
Interesting. We have quite a few pfsense + asterisk deployments out there in
precisely this configuration and everything works fine.
Weird. Maybe I'll write an howto when I succeed, as almost everything
on pfsense + asterisk on google doesn't seem to be working.
You've set up 1:1 NAT, that's fine. In pfSense, check that port 5060 is allowed
(UDP) for SIP, and 10000-20000 are allowed (UDP) for RTP - assuming you haven't
changed the port range in asterisk's rtp.conf
Yes, I'm allowing
UDP 5060 - 5069 (SIP
UDP 10000-20000 (RTP)
On the asterisk box, check your sip.conf file. You need the following:
localnet = 10.0.0.0/8
localnet = 172.16.0.0/12
localnet = 192.168.0.0/16
localnet = 169.254.0.0/16
I missed that.
externip = <asterisk_true_external_ip>
I had this.
Substitute your real external 1:1 NAT IP into externip. The localnet entries
tell asterisk that SIP packets from any of those address ranges should have
their claimed IP ignored and their apparent IP/port used instead.
Oh, I thought externip was enough.
In each sip.conf device section, make sure nat=yes is included.
Yes, all there.
Hopefully that should solve your problems.
I'll try that tonight or tomorrow night.
Thanks a lot!
Ugo
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
