Wednesday, July 05, 2006

PfSense

I finally made the switch from m0n0wall to PfSense today. It all went well (PfSense can import the m0n0wall config file directly), except for one thing: after the switch, I didn't have any audio when calling through one of my VoIP providers. I fixed the problem by enabling advanced outbound NAT, and enabling the static port feature for the default rule. I needed that because PF, the packet filter used in PfSense, automatically scrambles the source port for more security, but VoIP needs it to be the same port to know what session it is part of. Next step is to enable it only for my Asterisk server and my Vonage ATA, instead of my whole LAN.


In the end, PfSense is worth a try. I think the VoIP traffic shaping is still not perfect, but it'll probably be fixed before it is released as stable (it is now RC1). Feel free to share your experiences with firewalls :).
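
The narrowing named in the post as the next step (static port only for the Asterisk server and the ATA, not the whole LAN) looks like this as raw pf translation rules. This is an added example, not the ruleset pfSense generated for the author; the interface name and all addresses are assumptions made up for illustration.

```conf
# Added example: pf.conf-style NAT rules. Interface and addresses are
# constructed placeholders, not values from the original post.
ext_if   = "em0"              # WAN interface (assumed)
lan_net  = "192.168.1.0/24"   # LAN subnet (assumed)
asterisk = "192.168.1.10"     # Asterisk server (assumed address)
ata      = "192.168.1.11"     # Vonage ATA (assumed address)

# The only hosts that need their source port preserved.
table <voip_hosts> const { $asterisk, $ata }

# Broad form: static port on the default rule. Every LAN host keeps its
# original source port, so pf's source port randomization is lost for
# all outbound traffic, not just VoIP.
# nat on $ext_if inet from $lan_net to any -> ($ext_if) static-port

# Narrowed form. Translation rules are evaluated first-match, so the
# specific VoIP rule must come before the general LAN rule.
nat on $ext_if inet from <voip_hosts> to any -> ($ext_if) static-port

# Everything else on the LAN keeps the default behaviour: pf rewrites
# the source port on the way out.
nat on $ext_if inet from $lan_net to any -> ($ext_if)
```

On a plain pf system, `pfctl -nf <file>` parses the rules without loading them and `pfctl -s nat` lists the loaded translation rules, which shows whether `static-port` ended up only on the VoIP rule.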


3 Comments:

At 12:03 PM, Blogger BorduasRG said...

Maybe it was the way to work with an internal Asterisk. With my external Asterisk, and using multiple voip phones in my NAT, the outbound nat static port

 
At 12:04 PM, Blogger BorduasRG said...

Well that way I wasn't able to use more than 1 phone at the same time. The inbound 5060 was always forwarded to the first one that connected.

Still need to do some testing, I'll let you guys know.

 
At 2:34 PM, Blogger ugob said...

You should try using a different port for each phone.

 
