Full cone NAT, 3CX SIP Trunk connection

NethServer 7.7.1908
Module: Firewall

Hello,

We are using NethServer in VirtualBox on a Windows 2016 Server (recently switched to VirtualBox due to frequent Hyper-V blue screens of death). We have two physical NICs assigned to our NethServer. One is a static internet IP, the other is local. We have bridging from our ADSL modem on our RED interface and have PPPoE set up and running.

There is also OpenVPN setup and functional.

We are also using 3CX as our phone sub system. 3cx server is installed in a VirtualBox Debian 9 OS. ISO for installation is provided by 3CX so it is properly installed. 3cx virtual server is also running on same Windows 2016 server as NethServer. VirtualBox settings uses LAN physical ethernet on bridge mode. So, host Windows 2016 Server OS shares LAN ethernet with itself, 3cx virtual server, NethServer virtual server.

There are settings advised by 3cx for a pfSense firewall: here

We have “Step 1” static NAT routes setup on our NethServer. However, we couldn’t see how we can do “Step 2: Port Preservation (Full Cone NAT)” using NethServer.

Problem on our side is: SIP Trunk connection is not stable. It works for half of the day OK. But, it fails at some point. At that point we cannot receive phone calls from outside or cannot place a call to outside. Working period is not known.

When we have the problem (SIP Trunk failed to connect), we can successfully ping and netstat our service provider: voip.3c1b.net in our 3cx server console. Traceroute seemingly fails at some point.

We are not sure, but restarting Windows 2016 Server seemingly (need more testing) solves our problem, and the SIP Trunk connection is established after that. Just to clarify, traceroute on the 3cx console is failing when we have an operational connection and a working 3cx server.

P.S. Please be advised that the above service provider has an IP filtering system set up, and for any IP number incoming out of Turkey, they drop the connection.

We wonder if we can do above pfSense settings in our NethServer.

Thanks & regards,
Ertan

@ertank

Hello Ertan

Maybe it would be a lot easier if you move the firewall away to another VM.

I love NethServer and use it to manage about 20-30 clients. The NethServer is AD, and provides files, mail, Nextcloud, Zabbix monitoring and other services. All Clients use Proxmox as Hypervisor, I’d suggest taking a look at it.

Proxmox gives me:

  • Live Backups of any OS
  • Live Migration
  • Full HA Cluster
  • All Administration via Web, all Cluster members are equal!

And a lot more! I used VMWare from 1997 to about 2014/15, then started moving to Proxmox.
Proxmox is rock stable. With Proxmox backups / snapshots & NethServer's own backups, I’m almost highly available, without really being HA…

BUT:

I DO prefer having my firewall separated from my NethServer, as that gives me less headaches with Routing and Firewalling, especially considering that the NethServer AD is another layer of virtualization inside of NethServer.

I use OPNsense, the fork of PFsense, itself a fork of Monowall. Monowall’s creator suggests using OPNsense, NOT PFsense! After forking their own product, they made a big fuss when someone forked their code! Not very open source mentality!

OPNsense is free as NethServer, you can download it and install it within 20 minutes on any Hardware, including virtual. It can easily do IPsec, OpenVPN AND even Wireshark.
All Options valid for PFsense are there in OPNsense too, I needed that for a client in Germany, with T-Online (Telekom) as their Provider and SIP Provider…

That Option is available in OPNsense under advanced in the GUI.

PS: OPNsense has WOL available in GUI, you just need to give users login and WOL-GUI permissions… 🙂

My 2 cents
Andy


@Andy_Wismer sorry, yours might be a “non answer”.
@ertank would you please publish a screenshot (in English) of your current port forward settings?
Also, I published a 3CX Windows installation to the internet a few months ago, solving some issues, but I don’t remember the ports that 3CX needs. Would you please report all ports needed by 3CX in this topic?

NethServer is not like pfSense, in various ways. Different source of OS (BSD PfSense, Linux NethServer), different source projects (Hardly tweaked FreeBSD, application enhanced CentOS), different goals (powerful router/Firewall for pfSense, multifunction device for NethServer, also can be a VOIP PBX too) so the tutorial for PfSense may or may not fit completely for NethServer.

@pike

I have no problems with a “non answer”.
I suggest possible solutions - or alternate ways…

There are several ways to reach a target, the easiest, fastest and safest is usually the best.

Even if I may be the world's best expert / doctor on feet, I couldn’t tell you when your shoe pinches. That’s something truly only the wearer can tell!

In IT, that’s the guy with the problem - only he can say: “This shoe fits perfectly, and is great to walk around with!”…

🙂

My 2 cents
Andy

Below is current port forwarding