perhaps pfSense isn't sending the keep-alive packets like we expect?<div><br></div><div>You can look in switch_nat.c for details.<br><br><div class="gmail_quote">On Tue, Feb 9, 2010 at 9:44 AM, Troy Anderson <span dir="ltr"><<a href="mailto:troy@tlainvestments.com">troy@tlainvestments.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div style="word-wrap:break-word"><div>I did do a nap_map status when the ports were missing from pfSense and FS thought they were still open. I didn't know about nat_map republish, but will try next time. I think the timeframe is days, so this is kind of hard to diagnose. I may add a periodic nat_map republish from fs_cli to our production systems.</div>
<div><br></div>In any case, I'll keep an eye on it and try nat_map republish next time pfSense drops the ports to be sure that is working in this environment.<div><br></div><div>In the meantime, which .c file(s) can I peruse to learn more?</div>
<div><br></div><div>Thanks!</div><div>Troy<div><div></div><div class="h5"><br><div>
</div>
<br><div><div>On Feb 9, 2010, at 3:07 AM, Rupa Schomaker wrote:</div><br><blockquote type="cite">I believe FS opens the ports with an indefinite timeout (never close). I'd have to double check. In addition, FS refreshes the NAT mappings on every keep-alive packet sent by the upnp gateway. Have you done a nat_map status once the ports are missing in pfsense to see if fs still thinks the ports should be open? What if you do a nat_map republish? Do the maps get pushed to pfsense and then stay open for a whlie?<div>
<br></div><div>Perhaps pfsense is sending a keep-alive packet that we don't process right or is invalid? If so, I'd need a packet trace to do analysis. <br><br><div class="gmail_quote">On Mon, Feb 8, 2010 at 10:21 PM, Troy Anderson <span dir="ltr"><<a href="mailto:troy@tlainvestments.com" target="_blank">troy@tlainvestments.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I have been using pfSense (1.2.3) and FS. FS nicely uses UPnP to poke holes in the firewall, but it seems that the holes close after a while. I cannot find any documentation in FS nor in pfSense as to what the timeout is. Is there a setting in FS to do some kind of keep-alive thing with UPnP to keep, e.g. 5060, open? Or is it already doing that and pfSense is the issue?<br>
<br>
Thanks!<br>
_______________________________________________<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>-Rupa<br>
</div>
_______________________________________________<br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div><br></div></div></div></div><br>_______________________________________________<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>-Rupa<br>
</div>