Friday, August 7, 2009

SIP Trunking Gotcha with pfsense & m0n0wall

Jonathan Peterson from Ontra ran into some trouble with SIP Trunking and sipXecs that was actually being introduced by pfsense & m0n0wall.

I thought I'd just document it here for future reference (mine as well as others)...

It seems that some firewalls will randomize outbound ports. This can mess up certain protocols such as SIP. With SIP, if the source port for the REGISTER does not match the source port for the INVITE you may get an SIP error 403.

The solution is to statically map the ports for the NAT traversal. The solution to the problem is documented here.

Thanks to Jonathan for putting in the hard work!

No comments: