3CX PBX in the Cloud
1 year FREE - no ties!
google cloud platform
3CX
Zero Admin
With the new Dashboard
3CX
Bulletproof Security
With SSL certs and NGINX
3CX
Install on $200 Appliance
Intel MiniPC architecture
3CX
New, Intuitive Windows Client
More themes, more UC
3CX
More CRM Integrations
Scripting Interface to add your own
3CX
Improved Integrated Web Conferencing
iOS and Android apps included
3CX
Run On-Premise or in the Cloud
Google, OVH, Windows & Linux
Fast & easy call management
With the 3CX Web Client

Modifying the Debian IPTables and Windows Firewall

Modifying the Debian IPTables and Windows Firewall

On this topic:

Modifying the Debian IPTables and Windows Firewall

Introduction

On Linux

On Windows

See also

Introduction

When SIP or Tunnel ports are modified, the firewall rules created during installation need to be modified too. In this guide we take you through the steps required to do this both on Linux and Windows.

On Linux

If you are running 3CX on Linux, then you need to modify the firewall that ships with debian - this is called IPTables.

1. Connect to the machine via ssh and Issue the command:

iptables -L INPUT --line-numbers | grep -e 5060 -e 5090

Example output:

...

10   ACCEPT     tcp  --  anywhere             anywhere             multiport dports http,https,5000,5001,5015,sip,sip-tls,5090 tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW

11   ACCEPT     udp  --  anywhere             anywhere             multiport dports tftp,sip,5090,afs3-fileserver:9500

2. Locate the rule you want to change. Since we are looking to change the SIP and Tunnel port (5060 and 5090 respectively), the rule in question is rule 10 and 11 (tcp and udp respectively).

3. Issue the following command to obtain the command-form of the rules you want to change: iptables -S INPUT | grep -e 5060 -e 5090

Example output:

iptables -S INPUT | grep -e 5060 -e 5090

-A INPUT -p tcp -m multiport --dports 80,443,5000,5001,5015,5060,5061,5090 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT

-A INPUT -p udp -m multiport --dports 69,5060,5090,7000:9500 -j ACCEPT

4. In a text editor, paste the -A entries above and change references of 5060 and 5090 to the new ports you want to use. For example, we will change 5060 to 5062 and 5090 to 5097. The new commands should read:

-A INPUT -p tcp -m multiport --dports 80,443,5000,5001,5015,5062,5063,5097 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT

-A INPUT -p udp -m multiport --dports 69,5062,5097,7000:9500 -j ACCEPT

5. Using the aforementioned edited commands for IPTables, issue the following commands:

/sbin/iptables -R INPUT 10 -p tcp -m multiport --dports 80,443,5000,5001,5015,5062,5063,5097 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT

/sbin/iptables -R INPUT 11 -p udp -m multiport --dports 69,5062,5097,7000:9500 -j ACCEPT

On Windows

If you are running 3CX on Windows go to “Start > Control panel > Windows Firewall > Advanced settings > Inbound Rules” and edit the first rule “3CX Phone System Server TCP IN”.

  1. Click on Protocols and Ports
  2. Change 5060 to 5062, 5061 to 5063 and 5090 to 5092
  3. Click on the second rule “3CX Phone System Server UDP IN”

  1. Click on Protocols and Ports
  2. Change 5060 to 5062, and 5090 to 5092

See also

Get 3CX Free for 1 Year Today
Download On-Premise Try in the Cloud