Trouble getting IP Phone to work
Volker
volker at vwsoft.com
Wed May 16 12:40:33 UTC 2007
On 12/23/-58 20:59, Henry wrote:
> I'm running PF.
> - I have an IP Phone here that uses the 3com NBX phone system.
> - Residential cable broadband connection with dynamic IP.
>
> When I use binat, the phone works 100%.
>
> When I use NAT with redirects to forward, the phone works partially.
> Some features don't work at all, and the others work sometimes.
>
> To further test, I had NAT on, redirect all traffic to the $phone and
> passed all traffic and it still doesn't work 100%.
>
> Example:
> ----------------------
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
> rdr on $ext_if proto {tcp udp icmp} from any to ($ext_if) -> $phone
> block log all
> pass log all keep state
> ----------------------
>
> I see nothing being blocked, everything is passing and all incoming
> traffic should be going to the phone. So I'm kind of stumped. Any
> ideas?
Henry,
sounds like a routing problem. How's the default gateway (router)
being set on the phone? If it's correct, is variable $phone being set
right?
Do you see something in the pf logs? Does pf modify the destination
address as you expect it (to be the one of the phone)?
Anyway, I really hope the ruleset shown is not your production
ruleset. It's a damned wide open firewall... ;)
Are we talking about a SIP phone or what does the protocol look like?
If it's SIP, I can provide configuration examples, as I've finished
hacking pf rules for a snom 300 SIP phone, redirect connections from
the public outside to it and it's working fine for some weeks now.
Volker
More information about the freebsd-pf
mailing list