From owner-freebsd-pf@FreeBSD.ORG Sun Oct 21 21:09:36 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E328F16A417 for ; Sun, 21 Oct 2007 21:09:36 +0000 (UTC) (envelope-from func@okejl.dk) Received: from mx03.stofanet.dk (mx03.stofanet.dk [212.10.10.13]) by mx1.freebsd.org (Postfix) with ESMTP id A842D13C4AA for ; Sun, 21 Oct 2007 21:09:36 +0000 (UTC) (envelope-from func@okejl.dk) Received: from 3e6b63fa.rev.stofanet.dk ([62.107.99.250] helo=shh.okejl.dk) by mx05.stofanet.dk (envelope-from ) with esmtp id 1IjOQ3-0000hB-0u; Sun, 21 Oct 2007 02:11:51 +0200 Received: from wibble.okejl.dk (wibble.okejl.dk [192.168.0.200]) by shh.okejl.dk (8.13.8/8.13.8) with ESMTP id l9L0BIPb068245; Sun, 21 Oct 2007 02:11:18 +0200 (CEST) (envelope-from func@okejl.dk) Received: from wibble.okejl.dk (localhost [127.0.0.1]) by wibble.okejl.dk (8.13.8/8.13.8) with ESMTP id l9L0BGsc038838; Sat, 20 Oct 2007 18:11:16 -0600 (MDT) (envelope-from func@wibble.okejl.dk) Received: (from func@localhost) by wibble.okejl.dk (8.13.8/8.13.8/Submit) id l9L0BGZU038837; Sat, 20 Oct 2007 18:11:16 -0600 (MDT) (envelope-from func) Date: Sat, 20 Oct 2007 18:11:16 -0600 From: =?iso-8859-1?Q?Asbj=F8rn?= Clemmensen To: Dave Message-ID: <20071021001115.GA38102@wibble.okejl.dk> References: <000301c80aca$99695db0$0200a8c0@satellite> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <000301c80aca$99695db0$0200a8c0@satellite> User-Agent: mutt-ng/devel-r804 (FreeBSD) Cc: freebsd-pf@freebsd.org Subject: Re: pf and sip X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Oct 2007 21:09:37 -0000 > Hello, > I've got a FreeBSD 6.2 gateway/router/firewall providing nat services among others. I've just tried to hook up voip phone services, i did some checking and it is > using the sip protocol. I'm not getting a dial tone and calls aren't happening. According to the digital box i have it can't contact the login server. Below are my pf > rules. If anyone has pf and sip working i'd be interested in hearing from you. Try looking into siproxd from the ports system. Also check their website[1] which details what ports need to be forwarded. This of course requires your phones to be able to use a proxy. [1] http://siproxd.sourceforge.net/ > Thanks. > Dave. > > ipphone1="192.168.0.9" > sip="5060" > sip1="5061" > # One translation line per IP phone. static-port is necessary to make pf retain the UDP > # ephemeral port, so that the remote SIP proxy knows what session we belong to > nat on $ext_if proto udp from $ipphone1 to any -> ($ext_if) static-port > # experimental sip for viatalk > pass in quick on $int_if inet proto udp from 192.168.0.9 port $sip to any keep state > pass in quick on $int_if inet proto udp from 192.168.0.9 port $sip1 to any keep state > pass out quick on $ext_if inet proto udp from $int_if port $sip to any keep state > pass out quick on $ext_if inet proto udp from $int_if port $sip1 to any keep state -- Asbjørn Clemmensen