On Wed, Apr 6, 2011 at 2:05 PM, Tim Byng <t...@missioninc.com> wrote: > Hi Tony, > Thanks for the feedback. I thought you would be the one replying to this > question. :) > > On Tue, Apr 5, 2011 at 5:02 PM, Tony Graziano <tgrazi...@myitdepartment.net> > wrote: >> >> Your outbound nat type for the sip server should be Manual But not for the >> whole subnet Which should be automatic. > > I think I understand what you're saying. I'm new to pfSense and was > wondering if you wouldn't mind clearing up a couple of questions I have. > First of all, here's how I originally set up pfSense: > > On the Firewall: NAT: Outbound page, I selected "Manual Outbound NAT rule > generation (AON - Advanced Outbound NAT)" and clicked Save. Two Outbound NAT > mappings were automatically added. > I edited the "Auto created rule for LAN to WAN" mapping, selected Static > Port and clicked Save. > On the Firewall: NAT: Port Forward page, I added the required mappings and > rules for sipXecs (this is pretty straight forward, so I will not go into > the details). > > Based on your response, I believe I need to change steps one and two. Please > let me know if this is correct: > > On the Firewall: NAT: Outbound page, ensure "Automatic outbound NAT rule > generation (IPsec passthrough included)" is selected (i.e. don't change the > default). > Add an Outband NAT mapping, set the source to the sipXecs server and select > Static Port. > > The available source types on an Outbound NAT mapping are "any" and > "Network". I do not have my sipXecs box in a different subnet than the rest > of my network (I only have a handful of phones and rarely add or replace > phones). Can I set the source to just one IP address? Let's say my sipXecs > box has an IP address of 192.168.1.10 with a subnet mask of 255.255.255.0. > Can I set the source of the Outbound NAT mapping to 192.168.1.10/32? > I appologize for asking what are probably pretty basic networking questions. > This isn't in my area of expertise. > Thanks, > Tim
Sure Tim. 192.168.1.10/32 Manual/Static If you PC's and phones are on DHCP and the DHCP range is definable... 192.168.1.129-254 (dhcp range), then do 192.168.1.128/25 "automatic" and thusly 192.168.1.0/25 manual (split the difference) I think you get the general idea though. -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: tgrazi...@voice.myitdepartment.net Fax: 434.326.5325 Email: tgrazi...@myitdepartment.net LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: helpd...@voice.myitdepartment.net Helpdesk Contract Customers: http://support.myitdepartment.net Blog: http://blog.myitdepartment.net Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 _______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users/
