3CX Voip PBX - Cannot Solve Port Forwarding Problems - Help please!!



  • I have having problems getting 3CX PBX to run , as PFSENSE is not correctly forwarding the ports with my current configuration.  I looked around the forums and not much luck so I emailed a forum member Craig who had posted a 3CX post a while back (with no replies).  He has offered to help, though best to bring it back to the forum so others could read and hopefully help.  My email to him and his response below:

    _From: craig
    Sent: Monday, 8 October 2012 6:44 PM
    To: noddy184
    Subject: RE: 3cx on pFsense

    Hello how are you doing?

    Yea I have managed to get 3CX working with Pfsense 2.0.1.

    I still didn’t get the 32 seconds disconnections working. But if I tunnel into the system using 3CX tunnel server, it works just fine. But the reason I wanted to get it working, was so I can take a cisco phone and just configure it with the external IP and use it as a phone outside the network. But I’m working on it, and I am sure will get somewhere soon, but its not urgent for me.
    Few questions, as its hard to help not knowing your entire setup.

    What version of Pfsense are you running?

    Do other NAT port forwarding work with Pfsense? IE Remote Desktop? Or webserver or something?

    Does 3CX Work internally? Can you phone people locally?

    What is your SIP Provider?

    Have you found out what ports they need open for the phone system to work? FYI I use Sipgate.co.uk, as they are free and its amazing!

    In the providers section in 3CX you should see your provider… and it should be status green??

    These are the NAT Ports I have open to forward onto my box.

    Please note, I don’t use 1 & 1 NAT, I just use simple NAT Forwarding…

    TCP/UDP 5060 (SIP) Very important for the provider…
    TCP/UDP 5090 (3CX Tunnel port) Don’t have to open this, but up to you. Mainly for the 3cx phone with tunnel.
    UDP 9000-9049 (RTP Ports) This is so people can be on the phone at the same time._

    _From: noddy184
    Sent: 08 October 2012 04:08
    To: craig
    Subject: 3cx on pFsense

    Hi there, got your email from the PFsense forum

    just wondering if you ever got your 3cx voip box to work on pfsense.?
    http://forum.pfsense.org/index.php?topic=47633.0

    I am having major troubles , 3cx portforwarding coming up with ‘pass with warnings’ msg.

    If you can give me any tips thatd be much appreciated.

    Thanks
    noddy_



  • Hi Craig,

    Thanks for your response and your assistance.  I thought I’d tell you about the network I’m currently running.

    Presently in regards to VOIP I have a 3CX PBX box, Cisco Deskphone, Cisco SPA3102, multiple 3cx softphones and android based 3cx working perfectly OUTSIDE of the pfsense environment (all this now plugged directly into my modem router, the Dlink DSL-2750B). I really like 3CX. The voip provider is Engin and I have 2 accounts and 2 phone numbers plus 1x PSTN.  The SIP port is 5060, the 3cx tunnel port is 5090, and rtp is 9000-9015.  I have had it running 4 months and it all works well, however my biggest problem is that other pcs and devices have tendency to starve the voip of bandwidth and mess up the calls.  I’m also about to add 6x Cisco7940g deskphones to the setup.

    I have a PFSENSE box at the moment soley to control kids devices and computers, with squid guard and proxy server, all working well.

    Because of these QoS issues I propose putting ALL the equipment under the control of PFSENSE.

    Network diagram is attached, just of the voip gear.  The other devices on the network include: 5 smart phones, WDLIVE, 8 laptops/PCS, printers.

    Answers to your q's:
    -I have latest version of pfsense v2.0.1 single lan single wan
    -I have set the Dlink modem to port forward the ports 5060, 5090 & 9000-9015 to the wan port of Pfsense box. I am fairly sure the modem is correctly forwarding these ports to pfsense because all i changed on the original config under nat on the modems GUI was the IP target (was pointing straight to the 3CX PBX box, but changed it to the IP of PFSENSE'S WAN)
    -3cx works internally when under pfsense
    -ports that have to be opened are 5060, 5090, 9000-9015

    I have attached a screenshots of :
    -the current NAT settings, (note I havent touched the 1:1 and outbound tabs)
    -3cx error message when running the firewall checker  (firewall checker reports nil errors when NOT under pfsense)

    Things to discuss?
    -are you running a free or paid version of 3CX?  Maybe we need to ask more about the specific 3CX error and what it means. The symptoms for me is no audio on calls.  Calls dial in ok and they register ok with the SIP providers (getting greens).  Which is typical of a port forwarding issue.  (RTP ports probably?)

    -Should I be running single wan and MULTI lan for better traffic shaping and QoS (to be configured later).

    At the end of the day, main problem is that clearly the pfsense portforwarding is not working as it should, but why?
    (!)

    cheers
    noddy

    ![network diagram - pbx items only shown.jpg](/public/imported_attachments/1/network diagram - pbx items only shown.jpg)
    ![network diagram - pbx items only shown.jpg_thumb](/public/imported_attachments/1/network diagram - pbx items only shown.jpg_thumb)
    ![pfsense settings.jpg](/public/imported_attachments/1/pfsense settings.jpg)
    ![pfsense settings.jpg_thumb](/public/imported_attachments/1/pfsense settings.jpg_thumb)
    error.txt



  • I understand your issue now a little better… It looks like you are Nating NAT! this is never good on a network. You need to put it into the Bridge mode to bridge the traffice to Pfsense, and let pfsense authenticate to your ISP to get out onto the internet. As soon as you do that, you wont have these problems. In my senario i have multiple IP Addresses from my ISP and configred Pfsense to talk to my Zxel router, with no firewall and NAT Turned off the Zyxel.

    Personally if i was you, if you want to use the Dlink... Up to you, i hate them! lol nothing but issues.. try and find out if you can put this into a bridge mode, and just use it to make the connection to the local exchange and then setup Pfsense to use PPPOE to authenticate, and then the WAN on the pfsense should be a public IP address and not a natted LAN IP.

    Hope this makes sense?



  • Have tried to configure my WAN on the PFSENSE box to PPPoE with a Netcomm NB6 in Bridge Mode and am stuck again.. any ideas?

    http://forum.pfsense.org/index.php/topic,54495.0.html



  • How are you getting on? Have you got any further?


Log in to reply