does one-to-one modify the source port number?

[wizdude]

greetings,

i have a public class C which will be facing my OPNsense box. i have configured a one-to-one NAT rule to map a public IP through to my phone system. i believe i have all of the appropriate firewall rules to permit inbound RTP and so forth.

one of the things i'm always careful with when implementing a new firewall is to ensure that there is no NAT ALG or similar on the box, as this always causes problems with SIP registrations with the voice provider.

i understand this is not in OPNsense unless i went out of my way to install the os-siproxd plugin, but I did see some notes online (perhaps quite old) that made reference to the source port being modified under certain circumstances.

on an outbound (SNAT) NAT rule i can see there is an option for "static-port" but this does not exists with a one-to-one NAT rule.

the way my phone system works: it assumes nothing is going to change the ports number when it talks out, and it stamps the outbound packets with the external WAN IP address that I have assigned it. this is the same WAN IP i am using in my one-to-one NAT rule.

are there any problems i should be looking out for with this?

many thanks in advance,

cheers, Wiz!!

[wizdude]

hi all,

just for anyone who reads this later or wants to know:

one-to-one NAT does not modify or mangle the source port number.

i did a setup today with our IP PBX and watched traffic arriving on the LAN interface and leaving the WAN interface. everything was identical with no change or translation of port numbers.

this was important to me and especially for RTP voice traffic that the port numbers stayed intact.

thanks again to the OPNsense team for their great work on this product.

cheers, Wiz!!