Chris Bagnall wrote:
I have an asterisk server that is working mostly with SIP clients
behind NAT. I'd like to put this asterisk server behind the PfSense to
benefit from QoS and added security, packages, etc. However, I just
tested and I can't make it work with more than 2 clients at the time
(using 1-to-1 NAT).
Interesting. We have quite a few pfsense + asterisk deployments out there in
precisely this configuration and everything works fine.
You've set up 1:1 NAT, that's fine. In pfSense, check that port 5060 is allowed
(UDP) for SIP, and 10000-20000 are allowed (UDP) for RTP - assuming you haven't
changed the port range in asterisk's rtp.conf
On the asterisk box, check your sip.conf file. You need the following:
localnet = 10.0.0.0/8
localnet = 172.16.0.0/12
localnet = 192.168.0.0/16
localnet = 169.254.0.0/16
externip = <asterisk_true_external_ip>
Substitute your real external 1:1 NAT IP into externip. The localnet entries
tell asterisk that SIP packets from any of those address ranges should have
their claimed IP ignored and their apparent IP/port used instead.
In each sip.conf device section, make sure nat=yes is included.
Hopefully that should solve your problems.
Regards,
Chris
It looks like it is going to work. Will perform more test tomorrow, but
it definitely looks good.
Ugo
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
