Struggling with router SIP traffic. (pfsense)

Long story (shorter) is I added a pfsense router to my network thinking that it would help diagnose trouble with calls reaching my PBX. I had a TP-Link Archer A9 which seemingly was doing a good job. (The trouble I had with calls hitting my PBX was my cable modem changed IP addresses without me noticing, but I suspected router issues)

Anyhow since installing the pfsense router and letting it handle all DHCP, (the router has all stock settings) it seems the firewall blocks all SIP traffic. Perhaps this is expected on a more commercial router. The A9 router required no port forwarding. All incoming/outgoing SIP calls worked normally. With pfsense I noticed in the sys logs that the firewall was blocking 5060 requests from Telnyx’s IP. I added firewall rules and a NAT port forward to allow 5060 traffic from Telnyx to hit my PBX. That worked well for several days, but now calls aren’t hitting my PBX again. I noticed when setting up the rules initially that sngrep would detect calls on different ports like 45670, but wouldn’t answer this. Typically it lists 5060 when the call is received. I’ve noticed Telnyx seems to indicate that they send out a call from their IP on 5060, and it reaches my modem IP on 29160 for instance on this latest missed call.

I figure I have some port forward or firewall rule set up incorrectly. I fear I’ll wind up just resorting back to the TP-Link router, but I’d like to get the pfsense router to work.

Any advice is very welcome. Thank you.

Assuming that you are using registration for your Telnyx trunks, disable source port rewriting; see

and set the firewall optimization to conservative.

If using IP auth, allow all addresses from which Telnyx can send calls in Match (Permit) and firewall rules: Whitelisting Telnyx IP Addresses | Telnyx Support.

If you still have trouble, consider using SIP over TLS to prevent the firewall from messing with the packets.
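An added illustration, not part of the original posts and not pfSense code: a toy model of a NAT firewall's UDP state table, showing how the idle-state timeout and source port rewriting decide whether an inbound INVITE on a registered trunk reaches the PBX. The addresses, the timings, the 60 s and 900 s timeouts and the 29160 starting port are constructed sample values, not pfSense defaults.

```python
class NatFirewall:
    """Toy outbound NAT with a UDP state table (hypothetical model)."""

    def __init__(self, udp_timeout, static_port):
        self.udp_timeout = udp_timeout  # seconds an idle UDP state survives
        self.static_port = static_port  # True = source port rewriting disabled
        self.next_port = 29160          # constructed: next rewritten source port
        self.states = {}                # WAN port -> [lan (ip, port), remote ip, last seen]

    def _expire(self, now):
        self.states = {p: s for p, s in self.states.items()
                       if now - s[2] <= self.udp_timeout}

    def outbound(self, now, src, remote_ip):
        """LAN host sends to remote_ip; returns the WAN source port the remote sees."""
        self._expire(now)
        for port, state in self.states.items():
            if state[0] == src and state[1] == remote_ip:
                state[2] = now          # traffic refreshes the existing state
                return port
        port = src[1] if self.static_port else self.next_port
        self.next_port += 1
        self.states[port] = [src, remote_ip, now]
        return port

    def inbound(self, now, remote_ip, wan_port):
        """Remote sends to wan_port; returns the LAN endpoint, or None if blocked."""
        self._expire(now)
        state = self.states.get(wan_port)
        if state and state[1] == remote_ip:
            state[2] = now
            return state[0]
        return None


def call_delivered(udp_timeout, static_port):
    """REGISTER at t=0, keepalive at t=90, provider INVITE at t=100."""
    fw = NatFirewall(udp_timeout, static_port)
    pbx, provider = ("192.168.1.10", 5060), "203.0.113.5"  # constructed addresses
    contact_port = fw.outbound(0, pbx, provider)  # provider stores this port
    fw.outbound(90, pbx, provider)                # reuses the state or makes a new one
    return fw.inbound(100, provider, contact_port) == pbx


if __name__ == "__main__":
    for timeout in (60, 900):
        for static in (False, True):
            print(f"timeout={timeout}s static_port={static}: "
                  f"delivered={call_delivered(timeout, static)}")
```

In this model the call is lost only when the state has expired and the replacement state gets a different rewritten port; either a longer idle timeout or a static source port keeps the port the provider stored valid.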

Thank you again Stewart, I believe you helped me the last time. Your advice again has been spot on. Setting the firewall optimization to conservative has resolved the issues I was having. I was even able to turn off the port forwarding and firewall rules I had made to pass traffic through from Telnyx, and it’s working normally. It is a registration trunk that I use with Telnyx, but I wasn’t able to completely understand the source port rewriting tip you gave me.

I’m a novice with networking, but I’ve got a book on order that I’ll read soon which will hopefully clear some of this stuff up for me. Thanks again for your help.
