PfSense

I finally made the switch from m0n0wall to PfSense today. It all went well (PfSense can import the m0n0wall config file directly), except for one thing: after the switch, I didn't have any audio when calling through one of my VoIP providers. I fixed the problem by enabling advanced outbound NAT, and enabling the static port feature for the default rule. I needed that because PF, the packet filter used in PfSense, automatically scrambles the source port for more security, but VoIP needs it to be the same port to know what session it is part of. Next step is to enable it only for my Asterisk server and my Vonage ATA, instead of my whole LAN.


In the end, PfSense is worth the try. I think the VoIP traffic shaping is still not perfect, but it'll probably be fixed before it is released as stable (it is now RC1). Feel free to share your experiences with firewalls :).
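
The difference between static port on the default rule and static port for only the two VoIP devices, written as raw pf NAT rules. This is an added example, not configuration from the post or from PfSense itself (which sets this through its outbound NAT page); the interface name and all addresses are assumed sample values.

```pf
# Constructed sample values, not taken from the post.
ext_if   = "em0"              # WAN interface (assumed name)
lan_net  = "192.168.1.0/24"   # LAN subnet (assumed)
asterisk = "192.168.1.10"     # Asterisk server (assumed address)
ata      = "192.168.1.11"     # Vonage ATA (assumed address)

# Broad setting: static-port on the default rule keeps the original
# source port for every LAN host, so none of them gets randomized ports.
# nat on $ext_if inet from $lan_net to any -> ($ext_if) static-port

# Narrower setting: translation rules are first-match, so the two VoIP
# hosts are listed before the general rule. Only they keep their source
# port; every other LAN host still gets a randomized one.
nat on $ext_if inet from $asterisk to any -> ($ext_if) static-port
nat on $ext_if inet from $ata      to any -> ($ext_if) static-port
nat on $ext_if inet from $lan_net  to any -> ($ext_if)
```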

Comments

ugob said…
You should try using a different port for each phone.
