remote firewall ports

Discussion in '3CX Phone System - General' started by dapatter, May 18, 2010.

Thread Status:
Not open for further replies.
  1. dapatter

    Joined:
    Feb 17, 2010
    Messages:
    53
    Likes Received:
    0
    hi what are the ports i need on my remote (spoke) firewall to have remote handsets interact with the 3cx pbx at a hub site? i can register ok, make outgoing calls, but when the server calls the handset it rings, but when i pick up nothing....think it is a firewall issue
     
  2. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,850
    Likes Received:
    299
    If you are using one extension behind a remote router then 9 times out of 10 you don't need to forward any ports at that end. Of course there are always exceptions, and sometimes the make of router can cause issues. Make sure that you have enabled STUN on the set, otherwise when the set registers with 3CX the correct IP and port info won't be available and you will have one way (or worse) audio problems. Make sure that the port number of the set is unique (not used by any other device) behind that router.
     
  3. dapatter

    Joined:
    Feb 17, 2010
    Messages:
    53
    Likes Received:
    0
    hi done that but i am having audio issues, it is a snom 320 behind a netgear dg router? appears it is rtp that is the problem. I have stun enabled but when I change the rtp ports on the phone and setup the firewall to allow these, it still continues to use other port ranges, weird?
     
  4. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,850
    Likes Received:
    299
    I'm wondering if there is a setting on your router that needs to be changed. You should not have to do any port forwarding at the remote end especially with one set. he router should know who send the packets and where the incoming should go. I've used an ATA on many LANs where I've had no access to the router to change forwarding and 99% of the time, there is no problem. Proxy servers and other devices using the same UDP port (like 5060) will cause issues, it won't work properly, if at all. A router is made to deliver the UDP packets to the correct device and that's why I'm thinking that there is either a conflict on your network or something needs to be changed in the router. Try taking out any forwarding that you have put in, to the Snom.

    Post the registration log from 3CX showing the set when it is first powered up and registers. Is the set connecting properly to the STUN server?
     
  5. dapatter

    Joined:
    Feb 17, 2010
    Messages:
    53
    Likes Received:
    0
    i believe stun is working fine, says it is registered. cant see anything special on the router, although netgear have a disable sip alg setting which i have not enabled, but i have tried it disabled and nothing worked. you mention an ata on the remote lan and not needing any special setup when using this? what do you mean? I also have an ata on that lan allowing pstn out for local calls and local calls to be routed to the pbx etc.
     
  6. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,850
    Likes Received:
    299
    You have another ATA on the same (remote) LAN that you are trying to get this 3CX extension ATA working?

    What i mean about not requiring any special setup, is...If I go to a foreign location with wired LAN, and I plug in my ATA. 99% of the time I can make and receive calls with no problem. I have no access to the router to do port forwarding. Of course this relies on my device using a port that is not already used on that network. Since 5060 and 5061 are the default SIP ports on may devices, I use something else.
     
  7. dapatter

    Joined:
    Feb 17, 2010
    Messages:
    53
    Likes Received:
    0
    ok well i have stun enabled, and it says all ok, but i still cant get the rtp to go through, only solution at the moment is to open all ports to the extension....weird!
     
  8. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,850
    Likes Received:
    299
    If you get the chance, try the ATA behind a different router. If it works, then you'll know it's a router issue. Or, if you have a (older) "spare" router hanging around, and a lot of us do, try that one.
     
  9. dapatter

    Joined:
    Feb 17, 2010
    Messages:
    53
    Likes Received:
    0
    it's not a router issue, i have replaced the old router with this new one, and the behaviour is the same....i am using the stun.3cx.com server.....
     
  10. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,850
    Likes Received:
    299
    Have you tried disabling STUN and putting the phone directly (or through a switch) into the modem letting it pick up a public IP?
     
  11. dapatter

    Joined:
    Feb 17, 2010
    Messages:
    53
    Likes Received:
    0
    you cant put it directly into the modem and pick up a public ip...thats not the way broadband service providers configure their modems (its PPPoATM), but i am sure that a public ip would work fine as when I disable the firewall and allow all through to the device (phone / ata), no problems....
     
  12. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,850
    Likes Received:
    299
    Sorry, I'm used to our local ISP's that allow you to pick up two or (in some cases) more public IP's with no issues.
     
Thread Status:
Not open for further replies.