3XC with Tomato Router - Port 9000

Discussion in '3CX Phone System - General' started by Mike72677, Dec 13, 2016.

Thread Status:
Not open for further replies.
  1. Mike72677

    Joined:
    Dec 3, 2016
    Messages:
    9
    Likes Received:
    0
    I'm running a Linksys router with Tomato loaded on it. I have all of the port forwarding setup and I put my 3CX IP in the DMZ, but when I run the Firewall Checker, port 9000 always fails. 9001 - 9255 all pass, it's just 9000 that fails. All other tests also pass. Everything seems to be working with my 3CX. Anyone have any ideas? Thanks!
     
  2. ALuisPV

    Joined:
    Mar 7, 2016
    Messages:
    28
    Likes Received:
    1
    Hi,

    I don't know much about TomatoRAF

    But, what happens if you don't use the DMZ and try to do a Basic Port Forwarding instead ?. You need to open:

    - 5060/UDP for SIP
    - 9000-9255/UDP for RTP
    - 5090/TCP and 5090/UDP for Tunneling

    Do you have the same issue ?

    Best Regards.
     
  3. Mike72677

    Joined:
    Dec 3, 2016
    Messages:
    9
    Likes Received:
    0
    I get even more failures if I setup the basic port forwarding. I get the most success with the machine in the DMZ.
     
  4. ALuisPV

    Joined:
    Mar 7, 2016
    Messages:
    28
    Likes Received:
    1
    Hi Mike72677,

    did you have the opportunity to try with another router or only with the one based on Tomato RAF ?.

    Best Regards
     
  5. Mike72677

    Joined:
    Dec 3, 2016
    Messages:
    9
    Likes Received:
    0
    I've only tried with the Tomato router so far.
     
  6. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,355
    Likes Received:
    223
    In the past I have seen some people have issues when trying to use 3CX in the DMZ to avoid doing port forwarding. Not certain why forwarding wouldn't work for you. Did the Firewall checker come back with the same port having a problem?
     
  7. Mike72677

    Joined:
    Dec 3, 2016
    Messages:
    9
    Likes Received:
    0
    Well...tried to flash a different version of Tomato into the router and bricked it. Swapped it out for a Linksys WRT120N. Setup all the port forwarding and the Firewall checker bombed big time. Had to put the server IP into the DMZ to get the tests to even pass. Now my 9000-9500 port fail randomly. Not sure if the test is too much for the router to handle or what. Random ports in the list will fail once, then pass a second time and others fail.
     
  8. michaelholt

    Joined:
    Oct 9, 2015
    Messages:
    18
    Likes Received:
    3
    If on Windows, do you have the internal firewall turned on? If you have correctly configured your router, I would be looking at other devices.
     
  9. Mike72677

    Joined:
    Dec 3, 2016
    Messages:
    9
    Likes Received:
    0
    I'm using the Linux version of 3CX v15, loaded with the downloadable ISO. And running the firewall test from a Macbook.
     
  10. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,355
    Likes Received:
    223
    Something else is going on if the firewall test fails with the proper ports forwarded. DMZ should not have to be used.

    I've used DD-WRT on D-LINK DIR-615s for the last several years, with no issue what-so-ever. The routers are easy to find used, and cheap. Wireless isn't the greatest, but they do offer PPTP VPN. I tried Tomato, but found no advantage.

    If you can't get the Firewall Checker to work using a very basic router, with the correct ports forwarded, then you have to begin looking elsewhere.

    I'm assuming that your router has a Public IP and you are not using a provider that issues private IP's, some do.
     
  11. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,355
    Likes Received:
    223
    Could another programme on the Macbook be assigned to the 9000 series ports?
     
  12. 12494

    12494 Member

    Joined:
    Apr 16, 2010
    Messages:
    280
    Likes Received:
    20
    Make sure you have SIP ALG disabled in the router.
    It may just be listed as SIP under Advanced/Nat Helpers

    Allen
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.