As always thank you again Bill Now I think the penny has dropped and I now understand that message "Not installing nat reflection rules for a port range >500"
The default Trixbox incoming audio port range is closer to 10001 to 20000, I've cut mine down! One of the main reasons for using pfSense here is the NAT reflection works. To my knowledge there is, however, no need for NAT reflection to work on the incoming VOIP ports? Perhaps others know otherwise? Kind regards David Hingston ----- Original Message ----- From: "Bill Marquette" <[EMAIL PROTECTED]> To: <support@pfsense.com> Sent: Thursday, April 24, 2008 12:00 PM Subject: Re: [pfSense Support] [DEBUG] Lock recursion detected On Wed, Apr 23, 2008 at 6:31 PM, Tortise <[EMAIL PROTECTED]> wrote: > > > Hi > > I have been testing NAT with UDP and a port range of 10001 - 16383. This > is on 1.2 final, embedded on i386. You might want to disable NAT reflection (System->Advanced if my memory serves) if you need to redirect that large of a range. Of course, you'll need to have a properly architected split-DNS to achieve this :) > OK revert to original wide range the following is logged: > Apr 24 11:20:02 php: : Not installing nat reflection rules for a port range > > 500 > Apr 24 11:19:53 login: login on console as root > Apr 24 11:19:51 php: /ifstats.php: [DEBUG] Lock recursion detected. > > Seems the DEBUG message is a bug that you might wish to know about? Thanks, not sure, but we'll look into it. > Of course I can enter 13 NAT blocks of ~ 500 ports each to achieve the > required range of 6382 ports, is that intended by design in these days of > VOIP? Not sure - all VOIP I've done the connections are all outbound from my network to the phone system. I wouldn't have expected such a large range to be forwarded inbound. Maybe someone with more VOIP experience can comment. --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
