Date: Wed, 16 May 2007 14:39:57 +0200 From: Volker <volker@vwsoft.com> To: Henry <henry@stmpd.net> Cc: freebsd-pf@freebsd.org Subject: Re: Trouble getting IP Phone to work Message-ID: <464AFB9D.7080101@vwsoft.com> In-Reply-To: <CE96F513-0909-42FA-896B-FC5F8A39A738@stmpd.net>
index | next in thread | previous in thread | raw e-mail
On 12/23/-58 20:59, Henry wrote:
> I'm running PF.
> - I have an IP Phone here that uses the 3com NBX phone system.
> - Residential cable broadband connection with dynamic IP.
>
> When I use binat, the phone works 100%.
>
> When I use NAT with redirects to forward, the phone works partially.
> Some features don't work at all, and the others work sometimes.
>
> To further test, I had NAT on, redirect all traffic to the $phone and
> passed all traffic and it still doesn't work 100%.
>
> Example:
> ----------------------
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
> rdr on $ext_if proto {tcp udp icmp} from any to ($ext_if) -> $phone
> block log all
> pass log all keep state
> ----------------------
>
> I see nothing being blocked, everything is passing and all incoming
> traffic should be going to the phone. So I'm kind of stumped. Any
> ideas?
Henry,
sounds like a routing problem. How's the default gateway (router)
being set on the phone? If it's correct, is variable $phone being set
right?
Do you see something in the pf logs? Does pf modify the destination
address as you expect it (to be the one of the phone)?
Anyway, I really hope the ruleset shown is not your production
ruleset. It's a damned wide open firewall... ;)
Are we talking about a SIP phone or what does the protocol look like?
If it's SIP, I can provide configuration examples, as I've finished
hacking pf rules for a snom 300 SIP phone, redirect connections from
the public outside to it and it's working fine for some weeks now.
Volker
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?464AFB9D.7080101>