I’m forwarding a PSTN number into my FreePBX environment via SIP URI (don’t ask why, it’s the only supported way atm).
I followed the excellent guide in the second post of this thread (Sip uri) to set up the incoming route and set the DID and then when I call the PSTN number it rings but never shows up in the Asterisk logs.
If I disable the firewall then the call connects and proceeds to my IVR without a problem.
Is there a way I can create a custom rule in the firewall to allow calls only from the one forwarding provider?
Connectivity -> Firewall, Networks tab. At the bottom, enter the provider’s IP address, choose the Trusted zone, click +.
However, your setup is somewhat strange. Had you simply configured a pjsip trunk with Registration: None, Authentication: None, SIP Server: (provider’s IP address), then the firewall would be automatically set up. https://wiki.freepbx.org/display/FPG/Firewall
See first FAQ.
No, this is the most robust way to do SIP trunking. It eliminates the possibility of “lost registration” and is somewhat more secure, because there are no provider credentials to get stolen. Also, it allow the provider to send a call from an alternate POP site, if the first failed or your PBX is unreachable from its address. I use registration only when IP authentication is unavailable.
Usually called “IP authentication”, it is the only interconnect method supported by most wholesalers, and is available as a (recommended) option by most business-oriented retailers.
Perhaps not. The IP is in the channel name for chan_sip calls, but not for pjsip. Two different examples of an anonymous call from IP 10.224.50.2:
[2020-04-03 12:44:28] VERBOSE[C-00000019] pbx.c: Executing [[email protected]:1] NoOp("SIP/10.224.50.2-00000009", "Received incoming SIP connection from unknown peer to 5005") in new stack
[2020-04-03 12:46:12] VERBOSE[C-0000001a] pbx.c: Executing [[email protected]:1] NoOp("PJSIP/anonymous-00000022", "Received incoming SIP connection from unknown peer to 5005") in new stack
You could write your own anon context using from-sip-external as the basis, and add lines to log the IP of the calling party. There is dialplan here that shows how to get IP: Need help with multiple locations e911