Port forwarding to IP belonging to another gateway

Hello mates,

I have a question about port forwarding. I already tried all I know to get this working but it’s beyond me.
So I have Nethserver in my network working as gateway and firewall. I set up port forwarding for different services/devices on my network and everything works perfectly fine.
But, as always, there is a big but.
At my office we have a SIP hybrid PBX which I have to manage, not always from my office but from anywhere. The PBX is connected to my provider through a router (I can manage the PBX but not the router). The router is set up as 192.168.30.1, the PBX as 192.168.30.2. So to be able to manage the PBX from anywhere in the world I set up a LAN card in my Nethserver as 192.168.30.10 and the gateway as 192.168.30.1, and they are all 3 (and just these 3) in a switch.
I tried to forward a port from my Nethserver to the PBX (just like I did with the rest of my port forwardings) but it’s not working, I can’t reach the PBX from the WAN of my Nethserver. I think port forwarding works only if the gateway belongs to the Nethserver.
Locally, in my network, if I set up a PC with an IP belonging to the 192.168.30.0 network AND 192.168.30.1 as gateway I can reach the PBX (on the local IP 192.168.30.2).
The only way it works from WAN is if I set up the LAN from my Nethserver to 192.168.30.1 (and the gateway as the same IP). But this way I am 100% sure I will get an IP conflict between PBX and Nethserver.
So my question is: Is there any way to get this working like this? Does port forwarding in Nethserver work if the gateway doesn’t belong to Nethserver? Or is this something that’s never going to work and I have to find another solution to manage my PBX (like calling the phone company to ask them if there’s a public IP on that router and ask them to give me that IP and to make a forwarding from that bloody router to my PBX)?

If you want port forwarding and can’t replace or control the router, you need to ask the phone company to give you access to the router or to set up port forwarding.

Other ideas:

Can you ssh to the PBX? Then you may use SSH tunnel port forwarding.

What about software like ngrok or pagekite? See "Server access behind Mobile network using ngrok or pagekite".

You may use remote support software like TeamViewer to connect to a PC in the phone network.

So…
RED network subnet
192.168.30.1 Router
192.168.30.2 PBX (router as gateway)
192.168.30.3 NethServer RED interface (router as gateway)
GREEN network subnet
Subnet unknown
Any computer in the GREEN subnet should access 192.168.30.2 flawlessly…

Yes it is: if you cannot manage the router in any way, call the ISP and ask for port forwarding

  • to PBX
  • to NethServer

for every service that you need
My question is: are you sure you want your PBX admin console reachable from every public IP address in the world?
There are two options to avoid this, IMVHO

  • Enable RoadWarrior OpenVPN on NethServer
    Ask the ISP to forward the port used by RoadWarrior OpenVPN
    Push the route to PBX/RED into the OpenVPN configuration
    Create a firewall to access OpenVPN->PBX and vice versa (maybe optional)
    Connect from WAN with OpenVPN and check PBX access

Or

  • Reconfigure the PBX and put it into the GREEN subnet
    Ask the ISP to forward the port used by the PBX admin console to NethServer
    Configure the port forward and firewall rule on NethServer conditioned to time and public IP addresses