
Thread: Anyone using 2 or more lines with m0n0wall or pfSense router ?

  1. #1
    Join Date: May 2011
    Posts: 15

    Re: Anyone using 2 or more lines with m0n0wall or pfSense router ?

    I just wanted to add to this thread, since it's what shows up at the top of a Google search for pfSense and VOIPo. I have a GrandStream TA.

    I was experiencing one-way audio on inbound calls once I installed pfSense. I noticed, looking at the firewall logs, that the external servers were attempting to connect on low ports outside the "standard" port forward ranges VOIPo recommends. The problem is caused by an outbound port remapping feature, which is enabled by default for security reasons:

    https://doc.pfsense.org/index.php/Static_Port

    This link describes the feature and includes instructions on enabling a "static port", which disables this feature for a specific device. Once you do that, the generally prescribed port forwarding options will work and the one-way audio problems stop.

    I had seen a few other posts suggesting setting up some specific mappings for specific external servers, but I didn't want a solution that was dependent on knowing external IPs. VOIPo might change those. I figured it had to be something simpler, since the port forwards work OK with most generic routers.
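
A simplified model of the behaviour described in the post above, as an added example that is not part of the thread or of pfSense's code: it shows why a port forward stops matching once the outbound source port is rewritten, and why static port restores it. All addresses, port ranges and names are constructed, and the second provider server contacting the recorded port is an assumption (an expired state would behave the same way).

```python
import random

# Constructed values: the page names no addresses or port ranges.
ATA_LAN = "192.168.1.50"
FORWARDS = [(5060, 5061), (10000, 20000)]  # inbound UDP ranges forwarded to the ATA
REMAP_RANGE = (1024, 4999)                 # where rewritten source ports land in this model


class Nat:
    def __init__(self, static_port):
        self.static_port = static_port
        self.states = {}  # (external port, remote ip, remote port) -> (lan ip, lan port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """Translate an outgoing UDP packet; return the source port seen outside."""
        ext_port = lan_port if self.static_port else random.randint(*REMAP_RANGE)
        self.states[(ext_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return ext_port

    def inbound(self, remote_ip, remote_port, dst_port):
        """Decide what happens to a UDP packet arriving on the WAN address."""
        if (dst_port, remote_ip, remote_port) in self.states:
            return "state"      # reply to traffic the ATA started
        if any(lo <= dst_port <= hi for lo, hi in FORWARDS):
            return "forward"    # matches a port forward to the ATA
        return "blocked"        # shows up in the firewall log


def inbound_call(static_port):
    nat = Nat(static_port)
    # The ATA registers from local port 5060; the provider records the port it saw.
    seen = nat.outbound(ATA_LAN, 5060, "198.51.100.10", 5060)
    reply = nat.inbound("198.51.100.10", 5060, seen)
    # Later a different provider server sends to that recorded port.
    call = nat.inbound("198.51.100.20", 5060, seen)
    return seen, reply, call


if __name__ == "__main__":
    for mode in (False, True):
        print("static port" if mode else "default remap", inbound_call(mode))
```

With the default remap the later packet targets a port that no forward covers and no state matches, which is the pattern the post describes seeing in the firewall log.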

  2. #2
    Join Date: Feb 2007
    Location: Kitsap County, WA.
    Posts: 734

    Re: Anyone using 2 or more lines with m0n0wall or pfSense router ?

    Quote: Originally posted by djrobx
    "I just wanted to add to this thread, since it's what shows up at the top of a Google search for pfSense and VOIPo. I have a GrandStream TA."

    I've replied to a few posts over at the pfSense forums on similar subjects, and since the 2011 post I made here I have turned up a few pfSense boxes for customers with VOIP. Basically, if you look at the information you have already described here, namely the failed attempts by the servers to connect inbound, you can build firewall rules based on that. No port forwarding needed. You don't want it, especially if you're running more than one ATA behind your firewall. I have a few numbers here behind my primary data center and use the SIProxd package on my pfSense box. At other sites I simply have built firewall rules allowing both SIP and RTP servers access to the LAN address of the ATA on the customer LAN and have absolutely no problem.
    I Void Warranties.
