Thought I'd add more information here. I currently have my siproxd setup to go out of our WAN interface (the cable modem) Here is my configuration and associate firewall rules.
# cat siproxd.conf # This file was automatically generated by the pfSense # package management system. if_inbound = dc0 if_outbound = rl0 #(cable modem , WAN) sip_listen_port = 5060 daemonize = 1 silence_log = 0 log_calls = 1 user = nobody chrootjail = /usr/local/siproxd/ registration_file = siproxd_registrations pid_file = siproxd.pid rtp_proxy_enable = 1 rtp_port_low = 7070 rtp_port_high = 8100 rtp_timeout = 300 default_expires = 600 debug_level = 0x00000000 outbound_proxy_host = sip.example.com outbound_proxy_port = 5060 rtp_dscp = 46 # pfctl -s rules | grep -i sip pass in quick on rl0 reply-to (rl0 70.166.yyy.xxx) inet proto tcp from any to any port 7069 >< 8101 flags S/SA keep state label "USER_RULE: sip rtp" Now I set my outbound interface in the siproxd gui configuration to the T1 (rl1) and the configuration & fw rules are below # cat siproxd.conf # This file was automatically generated by the pfSense # package management system. if_inbound = dc0 if_outbound = rl1 sip_listen_port = 5060 daemonize = 1 silence_log = 0 log_calls = 1 user = nobody chrootjail = /usr/local/siproxd/ registration_file = siproxd_registrations pid_file = siproxd.pid rtp_proxy_enable = 1 rtp_port_low = 7070 rtp_port_high = 8100 rtp_timeout = 300 default_expires = 600 debug_level = 0x00000000 outbound_proxy_host = sip.example.com outbound_proxy_port = 5060 rtp_dscp = 46 # pfctl -s rules |grep -i sip pass in quick on rl0 reply-to (rl0 70.166.15.129) inet proto tcp from any to any port 7069 >< 8101 flags S/SA keep state label "USER_RULE: sip rtp" the rule is still set to use rl0 (WAN) and not rl1 (T1) attempting to set my rule manually to pass in quick on rl1 reply-to (rl1 72.164.43.49) inet proto tcp from any to any port 7069 >< 8101 flags S/SA keep state label "USER_RULE: sip rtp" allowed me to make calls out, but no audio came back in. any help on the subject is greatly appreciated. From: Reza A. Ambler [mailto:r...@rndcomputing.com] Sent: Sunday, July 26, 2009 6:01 PM To: 'support@pfsense.com' Subject: [pfSense Support] siproxd + Multi Wan Hi everyone, I currently have pfSense version 1.2.2 installed. I have 3 interfaces WAN, LAN, and T1 (Opt1). I setup siproxd originally with inbound as LAN and outbound as WAN and everything was working smoothly. I have tried configuring siproxd to go out of the T1 interface and have been unsuccessful. I am able to make the call out, however no audio comes back. After configuring the siprox daemon to send data out on the T1 interface I ran pfctl -s all and found the following rule. pass in quick on rl0 reply-to (rl0 70.166.15.129) inet proto tcp from any to any port 7069 >< 8101 flags S/SA keep state label "USER_RULE: sip rtp" Interface rl0 is my WAN interface, and rl1 is my T1 interface. It doesn't look like siproxd's package is updating the firewall rule correctly. I attempted to set the following rule Any suggestions? We need the VoIP traffic to go out of our T1 because the COX communications cable modem has too much intermittent packet loss. Thanks, -Reza
