Date: Wed, 16 May 2007 14:39:57 +0200 From: Volker <volker@vwsoft.com> To: Henry <henry@stmpd.net> Cc: freebsd-pf@freebsd.org Subject: Re: Trouble getting IP Phone to work Message-ID: <464AFB9D.7080101@vwsoft.com> In-Reply-To: <CE96F513-0909-42FA-896B-FC5F8A39A738@stmpd.net> References: <CE96F513-0909-42FA-896B-FC5F8A39A738@stmpd.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/23/-58 20:59, Henry wrote:
> I'm running PF.
> - I have an IP Phone here that uses the 3com NBX phone system.
> - Residential cable broadband connection with dynamic IP.
>
> When I use binat, the phone works 100%.
>
> When I use NAT with redirects to forward, the phone works partially.
> Some features don't work at all, and the others work sometimes.
>
> To further test, I had NAT on, redirect all traffic to the $phone and
> passed all traffic and it still doesn't work 100%.
>
> Example:
> ----------------------
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
> rdr on $ext_if proto {tcp udp icmp} from any to ($ext_if) -> $phone
> block log all
> pass log all keep state
> ----------------------
>
> I see nothing being blocked, everything is passing and all incoming
> traffic should be going to the phone. So I'm kind of stumped. Any
> ideas?
Henry,
sounds like a routing problem. How's the default gateway (router)
being set on the phone? If it's correct, is variable $phone being set
right?
Do you see something in the pf logs? Does pf modify the destination
address as you expect it (to be the one of the phone)?
Anyway, I really hope the ruleset shown is not your production
ruleset. It's a damned wide open firewall... ;)
Are we talking about a SIP phone or what does the protocol look like?
If it's SIP, I can provide configuration examples, as I've finished
hacking pf rules for a snom 300 SIP phone, redirect connections from
the public outside to it and it's working fine for some weeks now.
Volker
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?464AFB9D.7080101>