pfSense Gold Subscription

Author Topic: PFSense support SIP Traffic Through NAT?  (Read 1778 times)

0 Members and 1 Guest are viewing this topic.

Offline alestan3

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
PFSense support SIP Traffic Through NAT?
« on: April 05, 2012, 10:59:35 am »
First question: see subject header

Second question:  In regards to SIP and NAT does PFSense rewrite packets to have the external IP on it?

Thank you!

Offline stephenw10

  • Hero Member
  • *****
  • Posts: 8153
  • Karma: +5/-0
    • View Profile
Re: PFSense support SIP Traffic Through NAT?
« Reply #1 on: April 05, 2012, 11:19:25 am »
|'ve not had cause to try it myself but I think this is what you're looking for:
http://doc.pfsense.org/index.php/Siproxd_package

Steve

Online cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6332
  • Karma: +0/-0
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: PFSense support SIP Traffic Through NAT?
« Reply #2 on: April 06, 2012, 12:12:04 am »
first question: of course.

second question:  by default, no, and generally that's bad (lots of the devices that do so break SIP in various ways), but if you're in a scenario where that's a must, siproxd does so.

Offline dhatz

  • Hero Member
  • *****
  • Posts: 1002
  • Karma: +0/-0
    • View Profile
Re: PFSense support SIP Traffic Through NAT?
« Reply #3 on: April 06, 2012, 03:49:09 am »
Quote
PFSense support SIP Traffic Through NAT?

pfsense does not do any special handling of SIP traffic, i.e. by default it doesn't enable any "proxy" (aka ALG Application Level Gateway). SIP traffic is handled just like all other traffic. This is generally a good thing, because many SIP ALGs implemented in routers break things.

However, since the pf (packet filter used by pfsense) implements the so-called "symmetric NAT" (more) i.e. the most restrictive (and secure) type of NAT, on average it leads to more headaches with non-NAT-aware protocols (like SIP) than if you were using a NAT firewall implementing a more permissive NAT algo.

Developments of NAT traversal technologies (STUN, ICE etc) in recent years have made things much easier with SIP, so it boils down to the capabilities and configuration of both your SIP device and your VoIP provider, which is why there isn't really a single configuration that one could post here for every pfsense user to use.

Offline stephenw10

  • Hero Member
  • *****
  • Posts: 8153
  • Karma: +5/-0
    • View Profile
Re: PFSense support SIP Traffic Through NAT?
« Reply #4 on: April 06, 2012, 07:09:14 am »
"symmetric NAT" (more) i.e. the most restrictive (and secure) type of NAT.

Wow, 100% pure information on that page. I just discovered I knew nothing.
Thanks Dhatz.  :)

Steve