Discussion:
[pfSense] SIP Port forwarding - will the SIP Proxy help me with this?
Moshe Katz
2018-03-11 02:19:44 UTC
Permalink
I have an installation with a single public IP address that uses an
Asterisk PBX connected to a Twilio SIP Trunk. The provider does not offer
additional IP addresses.

Right now, in order for the SIP audio to work, I need to forward UDP ports
10000-20000 to the PBX since Twilio says media can come on any of those
ports.
However, this breaks the ability of other users on that connection to use
WebRTC media because WebRTC uses that same port range for media.

The only real information that I have found discussed in the past is about
using sipproxd in the case of having multiple SIP devices inside the
firewall to allow all of them to use port 5060 (SIP signaling) and have the
firewall rewrite the SIP traffic for each one.

However, I can't seem to find any information about my use-case of a single
SIP device and not having to forward the ports for the media.
Can sipproxd help me with that?
Any other ideas?

Thanks,
Moshe

--
Moshe Katz
-- ***@gmail.com
-- +1(301)867-3732
Jon Gerdes
2018-03-23 13:31:08 UTC
Permalink
You could create an alias for the inbound IPs for SIP/RTC and limit the
source on the NAT rule with that alias. Then your WebRTC users will
be unaffected because their src/dst/port triplet will not match that
NAT.

https://www.twilio.com/docs/api/voice/sip-interface - see IP address
whitelist.

Cheers
Jon
Post by Moshe Katz
I have an installation with a single public IP address that uses an
Asterisk PBX connected to a Twilio SIP Trunk. The provider does not offer
additional IP addresses.
Right now, in order for the SIP audio to work, I need to forward UDP ports
10000-20000 to the PBX since Twilio says media can come on any of those
ports.
However, this breaks the ability of other users on that connection to use
WebRTC media because WebRTC uses that same port range for media.
The only real information that I have found discussed in the past is about
using sipproxd in the case of having multiple SIP devices inside the
firewall to allow all of them to use port 5060 (SIP signaling) and have the
firewall rewrite the SIP traffic for each one.
However, I can't seem to find any information about my use-case of a single
SIP device and not having to forward the ports for the media.
Can sipproxd help me with that?
Any other ideas?
Thanks,
Moshe
--
Moshe Katz
-- +1(301)867-3732
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Continue reading on narkive:
Search results for '[pfSense] SIP Port forwarding - will the SIP Proxy help me with this?' (Questions and Answers)
5
replies
What is the best router to use for sunrocket voip?
started 2006-05-17 19:50:00 UTC
computer networking
Loading...