Author Topic: SIP traffic can't pass for specific network  (Read 138 times)

dimitrov_b
SIP traffic can't pass for specific network
« on: November 30, 2017, 01:09:24 pm »
Hello,

I have a very weird situation with forwarding SIP traffic. When I create rules to accept traffic from different SIP providers, all of them are working except one. I can see with tcpdump that packets are coming, but they just don't want to pass through the firewall. If I delete the rule for this network, I am expecting to see (in the firewall log) that requests are blocked, because there is no rule to accept them. Unfortunately, there is nothing in the log. If I delete all rules and pass all SIP traffic from anywhere, this particular network is again not working. Firewall version is 2.3.2. Network starts with 85...

Thanks!

wussupi83
Re: SIP traffic can't pass for specific network
« Reply #1 on: November 30, 2017, 09:31:47 pm »
Could you give us more information? Show us the rules you have configured (or post your /tmp/rules.debug file) and show the tcpdump with the packets, or a packet capture on your WAN interface and the inside interface where the packets should be routed to.

chpalmer
Re: SIP traffic can't pass for specific network
« Reply #2 on: December 01, 2017, 12:14:01 am »

I never forward SIP nor RTP traffic.

Better to build firewall rules without adding any port forwarding rules.

P.S. statements made by me are not necessarily condoned by the management of this fine organization.  http://badmodems.com

dimitrov_b
Re: SIP traffic can't pass for specific network
« Reply #3 on: December 01, 2017, 04:21:19 am »

> I never forward SIP nor RTP traffic.
>
> Better to build firewall rules without adding any port forwarding rules.

How should I do this? I have virtual IP 1.1.1.1 set on the firewall and server 2.2.2.2 behind the firewall. Now I have a NAT rule to forward all with src 3.3.3.3:5060 (SIP provider) and dst 1.1.1.1:5060 to 2.2.2.2:5060. "Firewall rule association" is automatically created.