1 NIC - Need two gateways due to local sip

I have a system with a single NIC however the sip provider dropped it off as a local RJ45. I still need my eth0 to interface with the exisiting router so I can remote program and remote phones can register. They mentioned something about building a static route to their device. Can I do this with a single NIC?

Could you consider adding a USB-style RJ45 (NIC) to your system?
Could you consider using a “sub-interface” to the existing NIC (to have 2 IP addresses)?

in my opinion, you should add another nic to the server and connect that to the provider. I have a similar setup and that is how I did it. Another nic will not cost much and it will make your life a lot easier

1 Like

If you have your system set up behind a NAT router and are operating the server in the “local network”, you can easily do this. Of course, for this to work, you will need a Firewall with NAT and you will need to redirect the external address (port 5060) to the server in the local LAN.

The server is setup behind a NAT firewall( on a local network of My current NIC is using that firewall as my gateway, which allows me to get updates and remote into the server.

My SIP Carrier however dropped off the SIP as a local interface. They claim I can install a second NAT firewall and plug the local SIP into the WAN port which I"m ok with. The question is when I configure my trunks how do my trunks know to use the local sip router and not the normal gateway of the server?

I’ve never used a usb-nic before. Are they plug and play or do I need to do a lot of backend programming for it to function? (Besides setting up another eth profile in network settings)

It depends if the kernel already includes the drivers or not.
In any case, it is simpler to have two nics, at least in my personal experience. I currently have my FreePBX with such configuration. One NIC connects it to the local LAN, the other one connects it directly to my VoIP provider’s equipment and I use ipatbles to limit access only to the provider’s trunk IP.

Their approach is to add another NAT Router (a new device) and put it on the network. This second device will have a local address which you can use as a “gateway” for a static route in the routing tables on the PBX. The only device that will talk to is the PBX, so that’s simple enough.

Adding the static route on the PBX to get to the ITSP addresses through your new gateway isn’t hard.

Neither is adding a new NIC and turning on the Integrated Firewall and limiting access based on the network settings…

I’ve never added a static route using FreePBX before. Is this done at the root level?

Yes - this is definitely not something you’ll be able to do through the GUI.

The command at the console CLI will be ‘route add x.x.x.x …’ etc.

1 Like

after doing some research it appears I need to create a route-eth0 file and to it add the static route (as seen below) or perhaps your route add command makes the file?

/etc/sysconfig/network-scripts/route-eth0 like this: via dev eth0

I was able to make a second eth connection on eth0. I ended up needing to turn on sip guests and allow anonymous sip calls because the system was sending a 401 unauthorized but calls are going in and out on the onsite sip circuit. Thank you for your help!

In general, you should not need to enable those two options. In fact, if your firewall is not correctly configured, you are opening your system to toll fraud.

1 Like

I agree completely but I was at a loss. The SIP Trunks do not have a username/password as they are onsite SIP from the provider. They said that asterisk was sending a 401 unauthorized when they tried to send a call to the server. I tried the insecure=port,invite setting but still no luck. I wonder if I"m missing a SIp Trunk setting

Have you configured the trunk with an IP or a DNS name?

The trunk is using an IP address for the host.

Maybe your provider is sending calls from more than just one IP.

They do have two outbound proxies that they use to handle their calls. My SIP Trunk only has a single outbound proxy in it. Maybe I can add a second outbound proxy to that sip trunk?

So making the secondary eth0 acccount worked. eth0 is which eth0:sip is

I have a router at .6.1 that is connected to the onsite SIP and calls are going in and out. SO far so good.

However now all the traffic is using the secondary eth0 port, the system can’t update itself and my IAX2 trunk also tries to use it. (not working)

How do I keep other traffic using the primary eth0 account?

It sounds like your default route has been set to the address.

I suspect that you need to change it so that your default route goes out to and that specific destinations go out through For example, your outbound traffic destined for your ITSP’s address should be directed to that address. Since we don’t have all of the IP addresses for all of the destinations, it’s hard to get specific, but limiting the route for specific destinations so that they use the x.x.6.1 route should work.