pfSense and FreePBX - IP issue

I’m fairly new to pfSense and a complete newb to FreePBX. I’m having a strange IP issue, and after two days, I’m at a dead-end on troubleshooting.

My setup:
I’ve got a pfSense firewall set up with my WAN on wan_ip_a.
I’ve got a FreePBX server that I’m wanting to assign wan_ip_b.

In pfSense, I’ve configured Firewall->Virtual IP and added my wan_ip_b to the list.

In Firewall->NAT->1:1, I’ve mapped wan_ip_b to the internal address of my FreePBX server.

In Firewall->Rules, I’ve added rules for passing traffic for 5060, 5160 and the UDP ports to my wan_ip_b destination.

The Issue:

I’m trying out SIPStation, and I used the FreePBX auto-detect network button – it returned wan_ip_b, which I was happy about. However, once I enter my SIPStation key, it attempts to contact Sangoma and fails. I reached out to Sangoma, and they reported that they are sending traffic to wan_ip_b, but the return traffic is coming from wan_ip_a. This causes the verification process to fail.

What could I check that could possibly cause this? I’m sure I’m doing something wrong, but I’m honestly out of ideas on where to look.

Thanks in advance.

You need to change the outbound NAT routing so FreePBX will use WAN_IP_B. Also, other than for testing there is not really a reason to directly expose FreePBX via 1:1 NAT.

https://docs.netgate.com/pfsense/en/latest/book/nat/outbound-nat.html

Ok – so I’ll show my ignorance here with one more question. I’m using a separate wan ip because I didn’t want to open all the ports (UDP, etc) on my main wan. I guess I thought I was doing a more secure thing by using a 1:1 to wan_ip_b than doing port forwarding. Is there a way to combine port forwarding so that I’m not using 1:1 to route to wan_ip_b?

Sorry if this is a stupid question. I’m reading all I can from the netgate docs and various blogs, but I’m still so new at NAT that it’s not all clicking, yet.

You shouldn’t need to forward any ports to the FreePBX box; FreePBX will register direct with the VoIP provider quite happily without any ports needing to be forwarded to the FreePBX box.

If you need to connect devices external to the local network to your FreePBX, you would do this via VPN.