SIP Server behind pfSense

Hi All,

Again I need the collective’s help on this one.

I have a Netgate 6100 firewall that’s configured and was working until 6 weeks ago. It’s currently in a state of working for everyone apart from a client that has an on-prem IPEX100 SIP server and IP phone system. This has worked in the past but now it’s borked.

I have a static IP port forwarded using aliases for ports and servers, although I have created cascading single rules and NAT entries to see if the aliases were not playing correctly. Outbound NAT for this static IP is working perfectly, but nothing forwarded is getting to the internal SIP address.

Any ideas what I might be missing?

BTW 6 weeks ago it was patched to the latest pfSense kernel and patches. I have reversed the patches but the system isn’t ZFS and so I cannot go back on the rest.

Can we see your NAT rules, outbound NAT rules, and WAN rules? Are you using a hybrid outbound NAT?

Set up another server behind the pfSense and set it to listen to the inbound traffic. If it comes to that server but not to the SIP server, then the issue is there and not pfSense.
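A minimal stand-in listener for the test suggested in the reply above, as an added example that is not part of the original thread. It assumes SIP signalling over UDP on port 5060 and that the port forward is temporarily pointed at the test host; the sample datagram and its addresses are constructed.

```python
import socket

# Constructed sample datagram (documentation addresses, not from the thread).
SAMPLE_INVITE = (
    b"INVITE sip:100@192.0.2.50 SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bKconstructed\r\n"
    b"Call-ID: constructed-call-1@203.0.113.10\r\n"
    b"Content-Length: 0\r\n\r\n"
)
COMPACT = {"v": "via", "i": "call-id"}  # SIP compact header forms


def summarize_sip(datagram):
    """Return start-line fields plus first Via and Call-ID, or None if not SIP."""
    head = datagram.decode("utf-8", errors="replace").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3:
        return None
    if parts[0] == "SIP/2.0":
        info = {"kind": "response", "status": parts[1], "reason": parts[2]}
    elif parts[2] == "SIP/2.0":
        info = {"kind": "request", "method": parts[0], "uri": parts[1]}
    else:
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        key = COMPACT.get(name.strip().lower(), name.strip().lower())
        if sep and key in ("via", "call-id"):
            info.setdefault(key, value.strip())
    return info


def listen(bind_ip="0.0.0.0", port=5060, max_packets=None, timeout=None):
    """Log every UDP datagram reaching the port; return what was seen."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        sock.settimeout(timeout)
        while max_packets is None or len(seen) < max_packets:
            try:
                data, (src_ip, src_port) = sock.recvfrom(65535)
            except socket.timeout:
                break
            info = summarize_sip(data)
            print(f"{src_ip}:{src_port} -> {info or 'non-SIP payload'}")
            seen.append((src_ip, src_port, info))
    return seen


if __name__ == "__main__":
    listen()
```

If a call produces a logged INVITE here, the forward is delivering traffic to the internal network; if nothing is logged while the WAN capture shows the packets, the forward or firewall rule is not matching.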

Firewall Rule:
LilycomSIP is an alias of their Internet based SIP Servers

SIP Ports is an alias of the SIP Ports they require

Port forward

Outbound NAT

When I run pfSense packet capture for 5060 on the WAN interface the traffic does show every time I make a phone call to the number.

I’m unsure at this point what I’m meant to see, as all I get is a message after 10s saying “number you have dialled is not recognised”. If I put the capture on their VLAN or the LAN interface I see no traffic logged.

Any thoughts on the below?

Sounds like the SIP server is not registering, I would look for the error there.

So I enabled logging for the NAT and Firewall rule to see the traffic.

When I make a phone call I see this when filtering for 5060 on the WAN port

And this on States

This clearly shows the external IP address of the provider SIP gateway, connecting to the static IP address and then the internal IP address of their SIP Server.

This to me proves that the firewall is passing the traffic and the Phone server isn’t answering.

Just looking for confirmation that I’m correct in this deduction, and that the problem lies with the provider’s on-prem equipment. Thanks in advance.

Yes, if the data is going through the firewall then the issue seems likely to be the SIP system.

Just wanted to close off this thread by saying thanks for all the bumps in the right direction. Turns out I should trust myself a little more when it comes to these things.

The SIP company insisted it was the firewall being the issue, but I have managed to prove without a shadow of a doubt it is not.

Now it’s down to them.