Firewall Checker probes wrong ports

Discussion in '3CX Phone System - General' started by zccit, May 11, 2013.

Thread Status:
Not open for further replies.
  1. zccit

    Joined:
    Apr 22, 2013
    Messages:
    12
    Likes Received:
    0
    Hello

    When we do a firewall checker test its probe the wrong ports.

    Ports 5060 and 5090 is okee

    Testing SIP Port 5060 using STUN server: stun.3cx.com:3478
    Resolving STUN server stun.3cx.com ... Resolved to: [192.198.87.70]
    [Test1] Reachability test ... Resolved Public IP: OUR_PUBLIC_IP:5060
    STUN server stun.3cx.com has second address 192.198.87.71:3479
    [Test2] One on One Port Forwarding ... OK.
    Public IP: 95.97.193.140:5060

    But ports 9000 - 9049 not
    Here its trying tot test OUR_PUBLIC_IP:10403 and it sould be OUR_PUBLIC_IP:9001

    Testing External Audio RTP Port 9001 using STUN server: stun.3cx.com:3478
    Resolving STUN server stun.3cx.com ... Resolved to: [192.198.87.70]
    [Test1] Reachability test ... Resolved Public IP: OUR_PUBLIC_IP:10403
    STUN server stun.3cx.com has second address 192.198.87.71:3479
    [Test2] One on One Port Forwarding ... FAILED.
    No response received or port mapping is closed. Firewall check failed. This configuration is not supported

    Any one?

    Regards,
    Jan Mourik
     
  2. lneblett

    lneblett Well-Known Member

    Joined:
    Sep 7, 2010
    Messages:
    2,083
    Likes Received:
    61
    How many NIC cards or Ethernet connections are available on the server where 3CX is installed?
     
  3. zccit

    Joined:
    Apr 22, 2013
    Messages:
    12
    Likes Received:
    0
    Hello Ineblett,

    Its a virtual pc, win 7 Enterprise with 2 Gb, one NIC, running on Windows 2008 R2 Enterprise with hyper V version 6.1.7601
    Port forwardings on the router are okee. TCP & UDP. Checks done with BluesPortTool. No problem.

    Looks like 3cx ask the wrong port numbers to probe.

    Jan
     
  4. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,739
    Likes Received:
    281
    The firewall test isn't testing the wrong ports. It simply reports back the results of port "probes", to put it in simple terms. It sounds as if there is some port (re)-mapping going on. many Routers will do this.

    This explanation of STUN is very well done ...http://en.wikipedia.org/wiki/STUN
     
  5. zccit

    Joined:
    Apr 22, 2013
    Messages:
    12
    Likes Received:
    0
    Its not the public ip thats goes wrong but the port

    The other ports like 5060 in the rule [Test1] .... at the end says 5060
    [Test1] Reachability test ... Resolved Public IP: OUR_PUBLIC_IP:5060

    I would expect that the other port wil go the same way.
    So testing for 9000, 9001, .. look like this:


    ...
    [Test1] Reachability test ... Resolved Public IP: OUR_PUBLIC_IP:9000
    ....

    ...
    [Test1] Reachability test ... Resolved Public IP: OUR_PUBLIC_IP:9001
    ...

    ...
    [Test1] Reachability test ... Resolved Public IP: OUR_PUBLIC_IP:9002
    ...

    I have a other virtual pc runnung with virtualbox, 3cx version 12 and the firewall test goos like above example wiht the correct port numbers.

    Mayby ill try a other router. Now its a Zyxel NB460N.

    Sorry for my english.
    Jan
     
  6. zccit

    Joined:
    Apr 22, 2013
    Messages:
    12
    Likes Received:
    0
    SOLVED ... Re: Firewall Checker probes wrong ports

    Solved!

    We replaced the Zyxel NB460N router with a Zywall USG50 and the firewall check goes well now for all ports.


    Jan
     
Thread Status:
Not open for further replies.