From owner-freebsd-pf@FreeBSD.ORG Tue Oct 9 23:17:49 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7D0C416A417 for ; Tue, 9 Oct 2007 23:17:49 +0000 (UTC) (envelope-from dmehler26@woh.rr.com) Received: from ms-smtp-02.ohiordc.rr.com (ms-smtp-02.ohiordc.rr.com [65.24.5.136]) by mx1.freebsd.org (Postfix) with ESMTP id 2E56F13C4AA for ; Tue, 9 Oct 2007 23:17:48 +0000 (UTC) (envelope-from dmehler26@woh.rr.com) Received: from satellite (cpe-65-31-42-110.woh.res.rr.com [65.31.42.110]) by ms-smtp-02.ohiordc.rr.com (8.13.6/8.13.6) with SMTP id l99NHieQ001320 for ; Tue, 9 Oct 2007 19:17:45 -0400 (EDT) Message-ID: <000301c80aca$99695db0$0200a8c0@satellite> From: "Dave" To: Date: Tue, 9 Oct 2007 19:17:44 -0400 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="Windows-1252"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3138 X-Virus-Scanned: Symantec AntiVirus Scan Engine Subject: pf and sip X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Dave List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Oct 2007 23:17:49 -0000 Hello, I've got a FreeBSD 6.2 gateway/router/firewall providing nat services among others. I've just tried to hook up voip phone services, i did some checking and it is using the sip protocol. I'm not getting a dial tone and calls aren't happening. According to the digital box i have it can't contact the login server. Below are my pf rules. If anyone has pf and sip working i'd be interested in hearing from you. Thanks. Dave. ipphone1="192.168.0.9" sip="5060" sip1="5061" # One translation line per IP phone. static-port is necessary to make pf retain the UDP # ephemeral port, so that the remote SIP proxy knows what session we belong to nat on $ext_if proto udp from $ipphone1 to any -> ($ext_if) static-port # experimental sip for viatalk pass in quick on $int_if inet proto udp from 192.168.0.9 port $sip to any keep state pass in quick on $int_if inet proto udp from 192.168.0.9 port $sip1 to any keep state pass out quick on $ext_if inet proto udp from $int_if port $sip to any keep state pass out quick on $ext_if inet proto udp from $int_if port $sip1 to any keep state