even when i port forward ports 1024-65535 to my lingo device it
still occasionally blocks the traffic. i have the rule set up on my
WAN interface and also on the nat/portforward.
i wonder if it is something specific to the voip traffic and the way
pfsense is handling it??
-phil
On Sep 5, 2008, at 10:43 PM, Bill Marquette wrote:
I think you're dancing all around the solution :)
You need an inbound NAT or port forward for UDP ports 1-65535 pointing
to 10.0.0.1.
Alternately, a 1:1 NAT using YOUR external IP, not the IP of the
service (ie. 216.181.136.7 in your example below should be whatever
your external IP is, not that of Lingo). The internal is still
10.0.0.1 (assuming that's your internal machine doing Lingo VOIP).
--Bill
On Fri, Sep 5, 2008 at 9:17 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
man O man.... still getting blocked,
tried calling my VoIP phone from my cell phone and the traffic was blocked
again by the default drop all rule. below is the log entry of the blocked
traffic.
WAN 216.181.136.7:5065 xx.xx.xx.xx:63792
this after allowing source 216.181.136.7 through my WAN interface destined
for any port and also creating a 1:1 entry as follows:
Interface  External IP       Internal IP  Description
WAN        216.181.136.7/32  10.0.0.1/32  Allow Incoming VoIP
WTF, shouldn't that be allowed through?
thanks gents.
-phil
On Sep 5, 2008, at 8:12 AM, Paul Mansfield wrote:
BSD Wiz wrote:
ah, i don't have any 1:1 nat entries, or static routes for this firewall
issue. so when the traffic hits the WAN interface perhaps it's not
always finding its way to the voip box in the dmz?
i have added a 1:1 mapping as follows:
Interface  External IP       Internal IP  Description
WAN        216.181.136.7/32  10.0.0.1/32  VoIP Box
where 10.0.0.1/32 is the ip of the DMZ interface.
should that be sufficient?
i can see why some of the traffic was not making it through since i only
had a rule to allow traffic from 216.181.136.7 but no port forwarding,
static routes or 1:1 nat entries.
seems reasonable to me, you should know if it's working by testing. use
tcpdump on firewall, on each interface in turn to see traffic flow...
use "tcpdump -ln port XXX" to limit the amount of traffic you sniff.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]