Re: [pfSense Support] [DEBUG] Lock recursion detected

2008-04-23 Thread Bill Marquette
On Wed, Apr 23, 2008 at 6:31 PM, Tortise [EMAIL PROTECTED] wrote:


> Hi
>
> I have been testing NAT with UDP and a port range of 10001 - 16383. This
> is on 1.2 final, embedded on i386.

You might want to disable NAT reflection (System-Advanced if my
memory serves) if you need to redirect that large of a range.  Of
course, you'll need to have a properly architected split-DNS to
achieve this :)

> OK revert to original wide range the following is logged:
> Apr 24 11:20:02  php: : Not installing nat reflection rules for a port range > 500
> Apr 24 11:19:53  login: login on console as root
> Apr 24 11:19:51  php: /ifstats.php: [DEBUG] Lock recursion detected.
>
> Seems the DEBUG message is a bug that you might wish to know about?

Thanks, not sure, but we'll look into it.

> Of course I can enter 13 NAT blocks of ~ 500 ports each to achieve the
> required range of 6382 ports, is that intended by design in these days of
> VOIP?

Not sure - all VOIP I've done the connections are all outbound from my
network to the phone system.  I wouldn't have expected such a large
range to be forwarded inbound.  Maybe someone with more VOIP
experience can comment.

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] [DEBUG] Lock recursion detected

2008-04-23 Thread Tortise
As always thank you again Bill

Now I think the penny has dropped and I now understand that message "Not
installing nat reflection rules for a port range > 500"

The default Trixbox incoming audio port range is closer to 10001 to 2, I've 
cut mine down!  

One of the main reasons for using pfSense here is the NAT reflection works.  

To my knowledge there is, however, no need for NAT reflection to work on the 
incoming VOIP ports? 

Perhaps others know otherwise?

Kind regards
David Hingston 




Re: [pfSense Support] [DEBUG] Lock recursion detected

2008-04-23 Thread Bill Marquette
On Wed, Apr 23, 2008 at 7:15 PM, Tortise [EMAIL PROTECTED] wrote:
> As always thank you again Bill
>
> Now I think the penny has dropped and I now understand that message "Not
> installing nat reflection rules for a port range > 500"

duh, yeah :)  So yeah, the reflection rules aren't enabled for large
ranges, that's all the error is showing.  Disabling reflection
generically won't help any more than removing the message entirely.

> To my knowledge there is, however, no need for NAT reflection to work on the
> incoming VOIP ports?

Shouldn't need to unless somehow calls within the voice switch need to
go outside to come back in (seems kinda stupid to me)

--Bill
