I've replied to a few posts over at the pfSense forums on similar subjects, and since the 2011 post I made here I have turned up a few pfSense boxes for customers with VoIP. Basically, if you look at the information you have already described here, namely the failed attempts by the servers to connect inbound, you can build firewall rules based on that. No port forwarding needed. You don't want it, especially if you're running more than one ATA behind your firewall. I have a few numbers here behind my primary data center and use the SIProxd package on my pfSense box. At other sites I simply have built firewall rules allowing both SIP and RTP servers access to the LAN address of the ATA on the customer LAN and have absolutely no problem.
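The approach described in the post above, as an added example that is not part of the original post: it reads blocked inbound attempts from a firewall log and turns only those coming from the VoIP provider's known servers into candidate allow rules for the ATA. The log format is a simplified constructed one (not pfSense's raw filterlog format), and the provider range, ATA address and function name are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample entries in a simplified format (an assumption, not raw pfSense output):
# action,interface,protocol,source_ip,source_port,dest_ip,dest_port
SAMPLE_LOG = """\
block,WAN,udp,203.0.113.10,5060,198.51.100.5,5060
block,WAN,udp,203.0.113.20,16402,198.51.100.5,16384
block,WAN,udp,203.0.113.20,16410,198.51.100.5,16390
block,WAN,tcp,192.0.2.77,44321,198.51.100.5,23
pass,WAN,udp,203.0.113.10,5060,198.51.100.5,5060
block,WAN,udp,192.0.2.99,5071,198.51.100.5,5060
"""

# Assumption: server ranges published by the VoIP provider (documentation addresses here).
PROVIDER_NETS = [ip_network("203.0.113.0/24")]
ATA_LAN_IP = "192.168.1.50"  # hypothetical LAN address of the ATA


def candidate_rules(log_text, provider_nets, ata_ip):
    """Group blocked inbound WAN attempts from provider servers into rule candidates."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 7:
            continue  # skip malformed lines
        action, iface, proto, src, _sport, _dst, dport = fields
        if action != "block" or iface != "WAN":
            continue
        # Sources outside the provider's ranges (scanners, SIP probes) stay blocked.
        if not any(ip_address(src) in net for net in provider_nets):
            continue
        ports[(proto, src)].add(int(dport))
    return [
        {"proto": proto, "source": src, "dest": ata_ip,
         "ports": (min(seen), max(seen))}
        for (proto, src), seen in sorted(ports.items())
    ]


if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE_LOG, PROVIDER_NETS, ATA_LAN_IP):
        print(rule)
```

The port span printed for each server covers only what was observed in the log, so the RTP range in the final rule should come from the provider's documentation.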