Hello OPNSense forum how are you doing? It seems I managed to get my firewall to allow traffic to my freepbx server, unfortunately I didn't lock it down to only my SIP provider, now my got completely spammed, think I had over 1703 calls by the time I checked. In a panic and whilst on my phone I was meant to disable the rules instead I deleted it -.- and didn't backup the config.
I've recreated the rules to what I thought they would be, I can see on my WAN traffic is being allowed but my freepbx server isn't showing any logs on the console of the calls and it doesn't ring on my IP phone or on the phone I'm dialing my landline. Before I rebuilt the freepbx server I just want to QC my rules encase it was a stupid mistake I've made and over looked something. I see on pfTop they are being dropped and I'm trying to figure out why.
Here is my firewall rules and live log view https://imgur.com/a/E4RuPEB (https://imgur.com/a/E4RuPEB)
pfTop:
Up State 1-200/576, View: default, Order: source port
PR DIR SRC DEST STATE AGE EXP PKTS BYTES
udp In SIP-IP:5060 10.1.1.6:5060 NO_TRAFFIC:SINGLE 00:00:07 00:00:26 4 3572
udp Out SIP-IP:5060 10.1.1.6:5060 SINGLE:NO_TRAFFIC 00:00:07 00:00:26 4 3572
Int Proto Source -> Router -> Destination State
all udp 10.1.1.6:5060 (WAN-IP:5060) <- SIP-IP:5060 NO_TRAFFIC:SINGLE
all udp SIP-IP -> 10.1.1.6:5060 SINGLE:NO_TRAFFIC
Thanks, Leprejohn
Hi
what's in PBX_ports alias?
do you want to allow access only for voip_sip_provider?
(current rule for surevoip should not work afais)
can you enable looging on port forwading rules to see allowed packets?
what IPs is hidden on Live View screenshot?
Hi Fright please see the below:
what's in PBX_ports alias? Please see https://imgur.com/a/wKXyVce (https://imgur.com/a/wKXyVce)
do you want to allow access only for voip_sip_provider? Yes
(current rule for surevoip should not work afais)
can you enable looging on port forwading rules to see allowed packets? I have enabled logging however I can't figure out where to find the log files for the rule could you tell me where they would be so I can upload?
what IPs is hidden on Live View screenshot?The source was my VOIP, servers IP, the destination on the block ones were my WAN IP
new rules looks more correct for me.
except source ports - i think its should be "any" )
QuoteI have enabled logging however
hm. on screenshots i dont see blue 'i' icon on rule. looks like logging is disabled on "SIP port forward" rule
QuoteI can't figure out where to find the log files for the rule could you tell me where they would be so I can upload?
you can filter Live View log by ports again and if rule logging is enabled, maybe the picture will become a little clearer now
I think I've pulled the rules, I've attached them.
I'll update the rule again to allow any.
So I've updated the rule, but my phone doesn't ring, live view is allowing the traffic but I'm getting a pfTop still saying no traffic single
hm. log looks correct for me now. may be its time to packet capture and look on traffic at pbx port?
Quote from: Fright on February 12, 2021, 06:30:44 AM
hm. log looks correct for me now. may be its time to packet capture and look on traffic at pbx port?
Hey Fright thanks for the help, the issue was with the freepbx server, once I disabled the firewall it started allowing the traffic
glad to know. thanks for sharing the result