I finally made the switch from m0n0wall to PfSense today. It all went well (PfSense can import the m0n0wall config file directly), except for one thing: After the switch, I didn't have any audio when calling through one of my VoIP provider. I fixed the problem by enabling advanced outbound NAT, and enabling the static port feature for the default rule. I needed that because PF, the packet filter used in PfSense, scrambles automaticallly the source port for more security, but VoIP needs it to be the same port to know what session it is part of. Next step is to enable it only for my Asterisk server and my Vonage ATA, instead of my whole lan.

In the end, PfSense is worth the try. I think the VoIP traffic shaping is still not perfect, but it'll probably be fixed before it is released as stable (it is now RC1). Feel free to share your experiences with firewalls :).


BorduasRG said…
Maybe it was the way to work with an internal Asterisk. With my external Asterisk, and using multiple voip phones in my NAT, the outbound nat static port
BorduasRG said…
Well that way I wasn't able to use more than 1 phone at the same time. The inbound 5060 was always forwarded to the first one that connected.

Still need to do some testing, i'll let you guys know.
ugob said…
You should try using a different port for each phone.

Popular posts from this blog

Outlook 2007 Add-in with OTRS

Asterisk works under OpenVZ (no zaptel)

KeePass enforced configuration