Strange behavior port forwarding 5060

[ChrisLab]

Morning All.
Thanks admin for account approval.

I've got Fusionpbx behind nat.

I want to register phones from outside. When I port forward 5060, I can register phone, no problem.
Next I want to register trunk to provider. Registration fails.
If I disable port forward 5060, Gateway registers, and phone registration fails.
Forward 5060 again, phone registers & Gateway fails.

Has anyone else had this before, or can someone please point me in the right direction.

Please let me know what additional info I can provide.

Thanks!

 

[glennbtn]

I run one of my boxes behind NAT with no issues

Make sure that you have SIP ALG disabled on the router, as that will just cause you pain.

 

[ChrisLab]

Hi Glennbtn,

I've got SIP ALG disabled. Using Mikrotik Router.

 

[glennbtn]

Mine is also on MT with dstnat rules

5060-5069 TCP
5060-5090,10000-32768 UDP

External registrations such as Groundwire show up as eg 95060

In Variables have you set your public ip address in
external_rtp_ip
external_sip_ip

 

[ChrisLab]

I've only got port fwd 5060 UDP & the rtp ports.
I'll try now as you've got them.

In Variables I've set both to host:FQDN as i've got dynamic public IP, and it resolves when looking at profile status.

Let me test above port forwarding and get back.

Thanks!

 

[ChrisLab]

Hi Glennbtn.

I tried above port forwarding rules. Same results.
As soon as I enable rule, phone registers, & gateway registration drops.
Disable rule > phone registration drops & gateway registers OK.

Lost here.

 

[glennbtn]

To be honest this smells of SIP ALG where 1 item would registered with 5060 then when the next device registers, it knocks off the previously registered device.

 

[ChrisLab]

SIP ALG definitely disabled.

As I see it, 5060 needs to be port forwarded to get external phones registered.
Question is, why does Gateway registration drop as soon as 5060 gets forwarded?

 

[glennbtn]

Are these set as dstnat and not srcnat

If so I am also at a loss as have many site pbx's setup behind MT routers with no issues

 

[ChrisLab]

set as dstnat

 

[ChrisLab]

Anybody else maybe have an idea of what's happening here?

 

[DigitalDaz]

Post some logs when doing the forwarding, preferably using sngrep of the attempt to register to the provider.

 

[ChrisLab]

Hi Daz.

I attached 2 screenshots.
The 1st one is where 5060 is forwarded & trunk doesn't register.
I left it running & disable port forward, and after a few seconds, trunk registers. (2nd Pic).

I hope this info helps.

Thanks!

 

[DigitalDaz]

We need the detail not a picture. Inside the register press F6 and paste that.

 

[ChrisLab]

Hi Daz,

Sorry about that, still learning..

Please find screenshot attached.
I hope I didn't hide to many details....

Just another thing, I rebooted the server before the attached sngrep, and noticed that my internal & external profiles didn't load.
I checked freeswitch log and found:

[ERR] sofia.c:3296 Error Creating SIP UA for profile: external (sip:mod_sofia@:5080;maddr=192.168.0.99;transport=udp,tcp)
[ERR] sofia.c:3307 Error Creating SIP UA for profile: internal (sip:mod_sofia@:5060;maddr=192.168.0.99;transport=udp,tcp)
The likely causes for this are:
1) Another application is already listening on the specified address.
2) The IP the profile is attempting to bind to is not local to this system.

Started OK manually.

I don't know if this has something to do with whats happening.

 

[ChrisLab]

Hi All.

I got my problem resolved by setting my 5060 port forward to my WAN interface only.

Don't know If this is two wrongs to make a right, but everything is working as expected.

Thanks for all the input.