You are not parting attention. The NAT rules have to be created AFTER the outbound Nat rule otherwise they stay randomized.
Download the config file made available. Put in your Ethernet interface names/ip's and password by grabbing those from your backup, then upload and restart. Also make sure you don't have the stupid siproxd package erroneously installed. Until you realize you cannot expect Nat to work until you destroy your rules and recreate them in the correct order and reboot or great states you will not get anywhere and are wasting time. On Jul 21, 2012 12:42 PM, "Kurt Albershardt" <k...@nv.net> wrote: > Thanks. I read several mentions of port randomization and static NAT > previously, but I didn't see it happening in the logs. > > Wondering about > "pfSense Webgui – I have it set for https on port 10443, change it > to something you want, but remember stay away from: 80,8443, > 5060-5080, 30000-31000." > Unless I plan on accessing the sipx box from outside the firewall, why > should the webGUI port for pfSense matter? > > Also, can someone confirm that I'm seeing keepalives below, and whether I > can or should disable them once I have a static NAT rule? > > > On Jul 20, 2012, at 19:12 , Tony Graziano wrote: > > Read this > > http://blog.myitdepartment.net/?p=37 > On Jul 20, 2012 9:06 PM, "Tony Graziano" <tgrazi...@myitdepartment.net> > wrote: > >> Your outbound Nat type needs to be set for "static port" before your Nat >> rules are created. >> On Jul 20, 2012 8:03 PM, "Kurt Albershardt" <k...@nv.net> wrote: >> >>> Forgot to mention that it does not appear to be doing port >>> randomization. Running tcpdump from the pfSense box itself shows source >>> ports of 5080, which should effectively open the hole for their inbound UDP: >>> >>> 17:47:36.868729 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4 >>> 17:47:56.875211 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4 >>> 17:48:16.882387 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4 >>> 17:48:36.889707 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4 >>> 17:48:56.896991 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4 >>> >> > > _______________________________________________ > sipx-users mailing list > sipx-users@list.sipfoundry.org > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > -- LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: helpd...@voice.myitdepartment.net Helpdesk Customers: http://myhelp.myitdepartment.net Blog: http://blog.myitdepartment.net
_______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users/
