pfSense + FreePBX: No Port Forward Needed

On recent FreePBX video Tom release;

FreePBX One Year Follow up Review and The Phones We Use: Yealink YEA-W56P & Zoiper

my mind blown away when he said that no port forwarding needed. that is possible to deal only NAT when your FreePBX behind firewall (pfSense). I would like to know if there specific need to change on pfSense to able achieve this ?

As I stated in the video, no changes are needed in pfsense.


even on NAT Setting? I believe, I watched one of your pfSense video that you like your NAT settings to be on Hybrid NAT, rather than Automatic NAT which is default on pfSense.

I assume you use Siproxd - Proxy for handling NAT of multiple SIP devices to a single public IP ?

I see from the video you do not. Because you always have a control connection (on 5060/udp) from the local FreePBX server out and open to you upstream VoIP provider. And your VoIP provider can tell your local FreePBX server (through the control connection) to open a data connection out through pfSense firewall (No need for port-forwards) when a call arrives. (The concept seems similar to FTP data+control connections with 20+21/tcp)

Is that correctly understood.

Guess it is. :thinking:

Hybrid NAT is used for custom VPN and outgoing settings, not for FreePBX