3CX Phone System frequently communicates across LANs and establishes calls between devices (softphones, hardphones, gateways, VoIP providers, and PBX bridges) which are located on different networks. The PBX communicates both with devices that are inside the PBX’s LAN (internal devices) and with devices that are outside the PBX’s LAN (external devices). 3CX needs to adjust the SIP packets depending on whether a device is external or internal. Since 3CX Phone System will need to communicate with external devices by crossing a NAT device, firewall configuration comes into play as well, since this may affect packet routing.
When is a device internal and when external?
Since the composition of a SIP message for an internal device differs from that for an external device, the PBX must decide whether the device it is communicating with is internal or external, in order to correctly interpret incoming SIP messages and to correctly build outgoing SIP messages.
An internal device is a device which:
- resides on the same LAN as the PBX.
- can be reached by the PBX, and which can reach the PBX, directly without the need to cross a NAT device.
- can receive an IP packet from, and send an IP packet to, the PBX, where the IP header information for Source IP/Port and Destination IP/Port remain unchanged.
An external device is any device which does not fall within the definition of an internal device as specified above.
When a device is external
When a device is external, the public resolved IP will be used in the contact, as supplied by the STUN client's query to the configured STUN server. The STUN servers which will be queried for resolution are set via the 3CX Management Console “General Settings” page, in the “STUN server options” section.
Default behaviour to identify Internal and External Devices
By default the PBX will assume that it is behind a NAT device, and will treat devices on certain IP addresses as internal, as per parts of RFC 3330 and RFC 1918. (Refer: http://www.ietf.org/rfc/rfc3330.txt, Refer: http://www.ietf.org/rfc/rfc1918.txt)
Thus, the PBX will treat all devices as internal when they are inside the following address spaces:
The PBX will enumerate all the IP addresses on its network stack and attempt to resolve the PBX's IP/Port combination on each of the detected interfaces.
Customisation of Internal/External device detection
You can override the default behaviour of identifying an external/internal device by creating a “LocalSubnets” option (if it is missing) in the “[Network]” section of the file “C:\Program Files\3CX PhoneSystem\Bin\3CXPhoneSystem.ini” (assuming default install folder). Here you can specify exactly which subnets are to be considered local.
A good example by way of explanation is a 3CX Phone System hosted with a High-Bandwidth backbone provider, where the server is directly connected to the internet with a public IP Address, and with no NAT devices between it and the outside world.
In this scenario, all public addresses will need to be considered as internal by the PBX.
We can configure this by adjusting the following parameters in the file:
C:\Program Files\3CX PhoneSystem\Bin\3CXPhoneSystem.ini
- Locate the “[Network]” section of the INI file. If it does not exist, create it.
- Add an option to the “[Network]” section of the INI file, called “LocalSubnets”, containing a comma-separated list of subnets in CIDR format: a.b.c.d/x
In this example, the addition to the INI file would look like this:
Note: By way of explanation, this is how to configure the INI file to explicitly declare the default behaviour:
If, for example, the administrator needs to include some additional addresses as being internally routable without crossing NAT boundaries, he can use:
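A way to check a “LocalSubnets” value before deploying it, as an added example (not 3CX code and not part of the original page): it parses the “[Network]” section, flags entries that are not valid CIDR subnets, and shows which peers would fall inside the listed subnets. The sample INI text, the subnets in it, and the function names are constructed for illustration, and the matching rule (a peer is internal if it falls in any listed subnet) is an assumption based on the description above.

```python
import configparser
import ipaddress

# Constructed sample, not taken from the page: one private range, one
# documentation range, one entry with host bits set, one malformed entry.
SAMPLE_INI = """
[Network]
LocalSubnets=10.0.0.0/8, 192.0.2.0/24, 198.51.100.7/24, not-a-subnet
"""

def load_local_subnets(ini_text):
    """Return (networks, problems) parsed from [Network] LocalSubnets."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    raw = cp.get("Network", "LocalSubnets", fallback="")
    networks, problems = [], []
    for item in (part.strip() for part in raw.split(",")):
        if not item:
            continue
        try:
            # strict=True rejects a.b.c.d/x where a.b.c.d is a host address
            # rather than the network address, a common typing mistake.
            networks.append(ipaddress.ip_network(item, strict=True))
        except ValueError as exc:
            problems.append(f"{item}: {exc}")
    return networks, problems

def classify(peer_ip, networks):
    """Assumed rule: internal if the peer is inside any listed subnet."""
    addr = ipaddress.ip_address(peer_ip)
    return "internal" if any(addr in net for net in networks) else "external"

if __name__ == "__main__":
    nets, problems = load_local_subnets(SAMPLE_INI)
    for p in problems:
        print("invalid entry:", p)
    # Constructed peer addresses to review against the parsed list.
    for peer in ("10.1.2.3", "192.0.2.50", "198.51.100.7", "203.0.113.9"):
        print(peer, "->", classify(peer, nets))
```

An address that lands in the wrong class gets the wrong contact IP in its SIP messages, so review the classification of a few known internal and external peers whenever the list changes.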