Editing Introduction to a Self Managed Life: a 13 hour & 28 minute presentation by FUTO software (section)

== Step 10: Setting Up pfSense Firewall Rules for FreePBX with UniTel SIP Services ==

To make sure your FreePBX system (located at <code>192.168.5.6</code>) is able to connect to UniTel’s SIP service and receive calls with two-way audio that actually work, we need to create NAT rules &amp; corresponding firewall rules that only allow traffic from UniTel’s approved IPs. Next we’ll walk you through setting up aliases for UniTel’s IPs, creating NAT rules, &amp; making sure SIP and RTP traffic flows correctly.

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_694465ad.png
File:lu67917r1ezu_tmp_f3d60c6e.png
</gallery> Create aliases for UniTel’s IPs

<span id="step-10.1-log-in-to-your-pfsense-web-interface"></span>
==== Step 10.1: Log in to Your pfSense Web Interface ====

# Open a web browser and navigate to: <code>https://pfsense.home.arpa</code> or [https://192.168.5.1/ https://192.168.5.1]
# Enter your pfSense admin credentials.

<span id="step-10.2-add-an-alias-for-unitels-sip-signaling-ips"></span>
==== Step 10.2: Add an Alias for UniTel’s SIP Signaling IPs ====

# Go to '''Firewall''' &gt; '''Aliases'''.
# Click '''Add''' (+) to create a new alias.
# Configure the alias as follows:
#* '''Name''': <code>Unitel_SIP_IPs</code>
#* '''Description''': <code>SIP Signaling IPs from UniTel</code>
#* '''Type''': <code>Host(s)</code>
#* '''IP Addresses''':
Add each of the following SIP IP addresses: '''''THIS MAY CHANGE, CHECK UNITEL GETTING STARTED PAGE TO MAKE SURE THESE ARE THE RIGHT ONES!'''''
#** <code>199.180.220.89</code>
#** <code>199.180.220.91</code>
#** <code>208.89.104.3</code>
# Click '''Save''', then '''Apply Changes'''.

<span id="step-10.3-add-an-alias-for-unitels-media-ips"></span>
==== Step 10.3: Add an Alias for UniTel’s Media IPs ====

# In the '''Aliases''' section, click '''Add''' again to create another alias.
# Configure the alias as follows:
# '''Name''': Unitel_Media_IPs
# '''Description''': Media IPs for UniTel SIP Services
# '''Type''': Host(s)
# '''IP Addresses''': Add each of the following media IP addresses: '''''THIS MAY CHANGE, CHECK UNITEL GETTING STARTED PAGE TO MAKE SURE THESE ARE THE RIGHT ONES!'''''
#* 199.180.223.109
#* 45.55.33.77
#* 157.230.238.197
#* 45.33.70.196
#* 45.33.71.83
#* 159.65.107.252
#* 45.33.14.21
#* 159.89.122.218
#* 167.71.237.189
#* 172.104.226.108
#* 139.162.250.71
# Click '''Save''', then '''Apply Changes'''.

<span id="setting-up-nat-port-forward-firewall-rules"></span>
=== Setting up NAT port forward &amp; firewall rules ===

<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:lu67917r1ezu_tmp_3c485302.png
</gallery>

</div>
<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241107012035037.png
</gallery>

</div>
<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241107012048982.png
</gallery>

</div>
<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241107012056979.png
</gallery>

</div>
<span id="configure-nat-port-forwards-for-freepbx-signalling"></span>
==== 10.4 Configure NAT port forwards for FreePBX signalling ====

# Navigate to '''Firewall''' &gt; '''NAT'''.
# Under the '''Port Forward''' tab, click '''Add''' to create a new NAT rule.
# Configure the rule as follows:
#* '''Interface''': WAN
#* '''Protocol''': UDP
#* '''Destination''': WAN address
#* '''Destination Port Range''':
#** From: 5060
#** To: 5065 (for SIP signaling)
#* '''Redirect Target IP''': Enter your PBX IP: 192.168.5.6
#* '''Redirect Target Port''':
#** From: 5060
#** To: 5065
#* '''Source''': Select Single host or alias and choose Unitel_SIP_IPs.
#* '''Description''': Forward SIP Traffic from UniTel to FreePBX
# Click '''Save''', then '''Apply Changes'''.

<div class="figure">

<gallery mode="packed-hover" heights=250 widths=400 perrow=2>
File:image-20241107012336127.png
</gallery>

</div>
<span id="set-up-nat-port-forwards-for-rtp-media-traffic"></span>
==== 10.5 Set Up NAT port forwards for RTP (Media) Traffic ====

# In the '''Port Forward''' tab, click '''Add''' to create another NAT rule.
# Configure the rule as follows:
#* '''Interface''': WAN
#* '''Protocol''': UDP
#* '''Destination''': WAN address
#* '''Destination Port Range''':
#** From: 10000
#** To: 20000 (for RTP media traffic)
# '''Redirect Target IP''': Enter your PBX IP: 192.168.5.6
# '''Redirect Target Port''':
#* From: 10000
#* To: 20000
# '''Source''': Select Single host or alias and choose <code>Unitel_Media_IPs</code>.
# '''Description''': Forward RTP Traffic from UniTel to FreePBX
#* Click '''Save''', then '''Apply Changes'''.

<span id="verify-automatic-firewall-rules"></span>
==== 10.6 Verify Automatic Firewall Rules ====

# After creating the NAT rules, go to '''Firewall''' &gt; '''Rules'''.
# In the '''WAN''' tab, confirm that the firewall rules were automatically created for:
## '''SIP Traffic''' (ports 5060-5065) pointing to 192.168.5.6 and restricted to <code>Unitel_SIP_IPs</code>.
## '''RTP Traffic''' (ports 10000-20000) pointing to 192.168.5.6 and restricted to <code>Unitel_Media_IPs</code>.

<span id="test-the-configuration"></span>
==== 10.7 Test the Configuration ====

# Make sure that your FreePBX system can register with UniTel’s SIP servers.
# Make a test call to make sure both SIP signaling and media (audio) traffic are functioning correctly.
# Make sure that when you end a phone call, both the caller &amp; recipient notice that it has ended immediately.
# Make sure you have two-way audio.
# Leave a call on for fifteen minutes and make sure it doesn’t hang up by itself.

<span id="step-11-troubleshooting-when-it-doesnt-work.-its-open-source-so."></span>