I believe FS opens the ports with an indefinite timeout (never close). I'd have to double check. In addition, FS refreshes the NAT mappings on every keep-alive packet sent by the upnp gateway. Have you done a nat_map status once the ports are missing in pfsense to see if fs still thinks the ports should be open? What if you do a nat_map republish? Do the maps get pushed to pfsense and then stay open for a whlie?<div>
<br></div><div>Perhaps pfsense is sending a keep-alive packet that we don't process right or is invalid? If so, I'd need a packet trace to do analysis. <br><br><div class="gmail_quote">On Mon, Feb 8, 2010 at 10:21 PM, Troy Anderson <span dir="ltr"><<a href="mailto:troy@tlainvestments.com">troy@tlainvestments.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">I have been using pfSense (1.2.3) and FS. FS nicely uses UPnP to poke holes in the firewall, but it seems that the holes close after a while. I cannot find any documentation in FS nor in pfSense as to what the timeout is. Is there a setting in FS to do some kind of keep-alive thing with UPnP to keep, e.g. 5060, open? Or is it already doing that and pfSense is the issue?<br>
<br>
Thanks!<br>
_______________________________________________<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>-Rupa<br>
</div>