dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1379
share rss forum feed

zephxiii

join:2012-12-12
Fort Wayne, IN

[Asterisk] Pfsense randomly blocking incoming calls...

I noticed that pfsense is randomly blocking an incoming call from callcentric. I can see the callcentric server hit the firewall at the time of the call.

Now this does not happen often (calls come in 95% of the time), maybe once or twice a day in a short period. I happened to make a call this morning and i got the "unavailable" message. I called right back and it got through.

It seems like a state is timing out or something in pfsense.

This has been happening all along but it didn't really stand out until after our numbers ported in. This because i had call treatments on the DID that our orig. number would forward to which thus forwarded to my Voip.ms backup DID on not-registered or unreachable. Once our orig. number port was successful there were no treatments thus calls didn't come in at all instead of route through the backup trunk.

I have since applied those failover call treatments to our orig. number.

Now that it has stood out and I see why I am interested in seeing what I can do to fix it. I have pfsense running in conservative mode, but that didn't seem to help it.


XCOM
digitalnUll
Premium
join:2002-06-10
Spring, TX
Reviews:
·ObiVoice
·flowroute
·Comcast

1 edit
That's because callcentric uses DNS SRV and they have a CIDR block. You need to add all of their IP's to your rule if not you will get a random IP every so often and your Firewall will block those IP's you do not have in place.

Edit:

From CC FAQ:

quote:
What IP blocks should I add to my router/firewall?

If you have a secured/restricted network and need to know the ports and IP addresses to allow for Callcentric then please use the information below.

NOTE: In general ports 5060-5080 should be allowed in order to properly communicate with the Callcentric servers. Users experiencing audio issues may want to check that RTP audio is not blocked by their firewall configuration:

IP addresses/Networks

204.11.192.0/24

OR

204.11.192.0 - 204.11.192.255
Good Luck.
--
[nUll@dcypher ~]$

zephxiii

join:2012-12-12
Fort Wayne, IN
That's what i started with and i have a list of IPs for Alpha1-20 and the block they fall in entered into pfsense...but this morning's call didn't come through but didn't show up in the firewall log probably because of the rule.

So i'm thinking i'm not sure exactly how to configure the rule in pfsense.


XCOM
digitalnUll
Premium
join:2002-06-10
Spring, TX
Reviews:
·ObiVoice
·flowroute
·Comcast
said by zephxiii:

That's what i started with and i have a list of IPs for Alpha1-20 and the block they fall in entered into pfsense...but this morning's call didn't come through but didn't show up in the firewall log probably because of the rule.

So i'm thinking i'm not sure exactly how to configure the rule in pfsense.

There is more IP's than that.... Look at my post is a /24. Did the IP that got blocked in your allowed IP's?
--
[nUll@dcypher ~]$

gweidenh

join:2002-05-18
Houston, TX
kudos:3
reply to zephxiii


XCOM
digitalnUll
Premium
join:2002-06-10
Spring, TX
Reviews:
·ObiVoice
·flowroute
·Comcast
I all ways use normal and never had issues. Even with CC.
He has that option turn on as posted on the original post.
--
[nUll@dcypher ~]$

zephxiii

join:2012-12-12
Fort Wayne, IN
reply to zephxiii
Well i haven't had any blocked calls since i added an 204.11.192.0/24 UDP allow rule that I can see. woot woot.


XCOM
digitalnUll
Premium
join:2002-06-10
Spring, TX
Reviews:
·ObiVoice
·flowroute
·Comcast
said by zephxiii:

Well i haven't had any blocked calls since i added an 204.11.192.0/24 UDP allow rule that I can see. woot woot.

Good news.
--
[nUll@dcypher ~]$