I have forwarded a total of four ports successfully and have tested them for passthrough, but for some idiotic reason, I am unable to open SIP 5060 UDP for one VOIP phone behind the OPNsense. I have used the exact same firewall rules for all of them, but this 5060 just won't work.
CISCO IP PHONE SPA504G has a static IP address (and I changed that just for kicks to see).
Firewall:
NAT: Port Forward
Interface --> WAN
TCP/IP Version --> IPv4
Protocol --> UDP
Source Port Range --> Advanced / any-any
Destination --> WAN Address
Destination port range --> from: SIP to: SIP
Redirect target IP --> Phone (Alias set up as 192.168.0.10)
Redirect target port --> SIP
Pool Options --> Default
Description --> VOIP
NAT reflection --> Enable
Filter rule association --> Pass
Thank You in advance ...
Have a read of this:
https://blog.simwood.com/2016/03/sip-signalling-tcp-or-udp/
My fw rule is TCP/UDP.
Thanks, but that wasn't the key to it. I had heard that 5060 wasn't always UDP. When I look at the live logs and then make a phone call, there is a "default" rule somewhere blocking this port 5060
(https://i.ibb.co/Qd9NqFt/Capture-JPG.png)
Have you tried using the os-siproxd plugin?
Quote from: 405Computer on June 09, 2020, 12:06:44 AM
Thanks, but that wasn't the key to it. I had heard that 5060 wasn't always UDP. When I look at the live logs and then make a phone call, there is a "default" rule somewhere blocking this port 5060
(https://i.ibb.co/Qd9NqFt/Capture-JPG.png)
These logs show you that the destination port is NOT 5060 but some other (prolly) random port. The source port is 5060 though so you should prolly add an extra FW rule to PASS SRC.PORT == 5060.
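Added example (not part of the thread and not OPNsense code): a simplified first-match model of the WAN rules discussed above, showing why a packet with source port 5060 and a different destination port falls through the 5060 forward to the default deny, and how a source-port-only pass rule compares with one also limited to the provider's address. The addresses, the port 37412, the rule names and the absence of any state table are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    protos: tuple
    src_ip: Optional[str] = None    # None means "any"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (p.proto in self.protos
                and self.src_ip in (None, p.src_ip)
                and self.src_port in (None, p.src_port)
                and self.dst_port in (None, p.dst_port))

def evaluate(rules, packet):
    """First matching rule passes; anything unmatched hits the default deny."""
    for rule in rules:
        if rule.matches(packet):
            return ("pass", rule.name)
    return ("block", "default deny")

# Constructed addresses (documentation ranges), not values from the thread.
PROVIDER, OTHER = "203.0.113.5", "192.0.2.99"

VOIP = Rule("VOIP", ("udp",), dst_port=5060)           # the forward from the first post
SRC_ANY = Rule("src 5060", ("udp",), src_port=5060)    # the rule suggested in the last reply
SRC_SCOPED = Rule("src 5060 from provider", ("udp",), src_ip=PROVIDER, src_port=5060)

to_5060 = Packet("udp", PROVIDER, 5060, 5060)      # matches the forward
to_random = Packet("udp", PROVIDER, 5060, 37412)   # source 5060, destination is another port
other_sender = Packet("udp", OTHER, 5060, 37412)   # source port is chosen by the sender

if __name__ == "__main__":
    rule_sets = (("forward only", [VOIP]), ("plus src rule", [VOIP, SRC_ANY]),
                 ("plus scoped src rule", [VOIP, SRC_SCOPED]))
    for label, rules in rule_sets:
        for pkt in (to_5060, to_random, other_sender):
            verdict = evaluate(rules, pkt)
            print(f"{label:21} {pkt.src_ip}:{pkt.src_port} -> :{pkt.dst_port} {verdict}")
```

Because the sender picks its own source port, the source-port-only rule also passes the unrelated host; adding the provider's address as the rule's source keeps that packet on the default deny.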