From owner-freebsd-ipfw@freebsd.org Tue Sep 26 23:51:37 2017 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 70FCBE25F2E for ; Tue, 26 Sep 2017 23:51:37 +0000 (UTC) (envelope-from graham@menhennitt.com.au) Received: from homiemail-a125.g.dreamhost.com (sub5.mail.dreamhost.com [208.113.200.129]) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 531138088E for ; Tue, 26 Sep 2017 23:51:36 +0000 (UTC) (envelope-from graham@menhennitt.com.au) Received: from homiemail-a125.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a125.g.dreamhost.com (Postfix) with ESMTP id 8C60F60000E02 for ; Tue, 26 Sep 2017 16:51:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=menhennitt.com.au; h= subject:to:references:from:message-id:date:mime-version :in-reply-to:content-type:content-transfer-encoding; s= menhennitt.com.au; bh=0Q0+I9Ea7SNmDAFsir5qLxalGQo=; b=OMJLDMuJ1k 4hzvr0u3aotN+fkZgJOZ0dXTGZKPdgKX4VGJlcZyQJ99ifvbJACJuVzvBAq7QNs0 Cx2rQ4OkCwGv5XyzbB45rl/r/Kx9zDyKg9K2IFshB9uCcAMfwqgGhD2Cd2uESa4C UaKZYuV0KiDwbHENxhGbB4Ysc9u+JYhLc= Received: from [137.237.172.142] (unknown [192.160.117.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: graham@menhennitt.com.au) by homiemail-a125.g.dreamhost.com (Postfix) with ESMTPSA id D9C6560000E00 for ; Tue, 26 Sep 2017 16:51:29 -0700 (PDT) Subject: Re: FreeBSD, IPFW and the SIP/VoIP NAT problem To: freebsd-ipfw@freebsd.org References: <20170926143503.66f6532c@freyja.zeit4.iv.bundesimmobilien.de> From: Graham Menhennitt Message-ID: <76cb9b72-53ac-eadc-f921-dc01808a9aeb@menhennitt.com.au> Date: Wed, 27 Sep 2017 09:51:25 +1000 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <20170926143503.66f6532c@freyja.zeit4.iv.bundesimmobilien.de> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-AU X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Sep 2017 23:51:37 -0000 On 26/09/2017 10:35 PM, O. Hartmann wrote: > Hello, > > trying to build a FreeBSD based router/PBX (Asterisk 13) appliance, I ran into > several problems. My questions might have a "noobish" character, so my apology, > my experiences with IPFW are not as thorough as they should be. > > ... > The FreeBSD system acting as a router is supposed to have a jail soon > containing the Asterisk 13 IP PBX (at the moment running on the main system). > To provide access to the VoIP infrastructure inside/behind the router/NAT > system, the in-kernel NAT facility of FreeBSD is forwarding the relevant > UPD/TCP ports for VoIP to its destination network, and here I have a problem to > solve. Does your VoIP provider allow IAX2 protocol as well as SIP? Many do. Then you can avoid the problem completely. Graham