Configure NAT for FreePBX on Vmware

Hi guys, I have FreePBX installed on Vmware and using NAT for networking. Here is the problem, if I use the bridge networking, everything works fine, I could easily connect my softphones to the server. But with NAT, I’ve tried to port forwarding , and now I’m able to connect to the web interface of FreePBX, but when I tried to connect the softphones, it still can connect to the server.

But after I checked the log on the server it said that the user I just have connected to , it said that that user is now UNREACHABLE.

My port forwarding on vmware: +Host port: 8560
+VM port 80 tcp
-This is to connect to the web interface

                                               +Host port:8561
                                                +VM port 5060 udp
                                               -This is for chan_sip 

p/s: I’m using chan_sip, and I want to demo this project at my uni so I can’t use the bridged networking.

Using NAT networking is a very complex setup and you probably have no need for it.

Go back to bridged networking. In Asterisk SIP Settings -> Chan SIP Settings, change Bind Port from 5060 to 8561. Restart (not just reload) Asterisk and you should be good to go.

Of course, your softphones will also need to be configured to connect to port 8561.

If you still have trouble, post details (softphone name and version, special settings, any errors logged by softphone or Asterisk, etc.)

Note: on newer FreePBX versions, pjsip defaults to port 5060 and chan_sip is on 5160. Did you have trouble with pjsip? Change the ports for some other reason?

Sadly, I have to use NAT due to the network in my UNI, they have MAC filter, so I can’t use the bridge networking.
About the port part, I was just follow the tutorial on youtube from Crosstalk Solution.
The Bridged networking works fine with me, I have already done that, I was just trying to figure out how to do it on the NAT so that I could demo my project about Voip

Please explain the overall setup. What extensions will you be using? Where are they connected (other VMs, on the host, elsewhere on the host’s LAN, elsewhere in the university, outside on the internet)? What trunks are you using? How are they connected?

At the moment my setup is: FreePBX running on VM, and using softphones on the host pc and smartphone to connect to it, using SIP extension.
And I’m connecting all of them on the same network. I was just trying to make a call from both device first.

How does the smartphone connect (Wi-Fi or mobile data)? If Wi-Fi, does it get an address on the same subnet as the host pc?

1 Like

yes it is, I only try to connect all of them on the same subnet atm

You need to forward UDP ports 5060 and the RTP port range. Unfortunately, I believe that VMware doesn’t allow forwarding a range of ports. You could try setting a small range, e.g. 10000-10008 in SIP Settings -> RTP Port Ranges. Then forward those UDP ports to the PBX guest. The port numbers should not be translated. 5060->5060, 10000->10000, etc.

Set your host softphones to bind to other than 5060 to avoid a conflict.

Set nat=yes for the extensions.

In SIP Settings, set External Address to the address of the host. Set Local Networks to the subnet given to the PBX guest. Restart Asterisk and test. If you have trouble, you’ll probably need to run tcpdump on the guest and Wireshark on the host to see what is going wrong.

Simpler alternate approach:

Get a cheap Wi-Fi router. Set it up to spoof your host’s MAC address on the WAN side, to keep the UNI system happy. Use bridged networking. Have the smartphone connect to your local router Wi-Fi. Your entire demo is now completely independent from the UNI system and should be easy to set up.

1 Like

About the second approach, you mean that I will make the wifi router into a repeater right ? And change its MAC into my host MAC to bypass the UNI ?

So the forward setting I will do it on the VMware right?
And also I will just use the random unused port on the host to translate these ports right ?

No, it will be a NAT, so all traffic seen by the UNI network will come from one IP address and one MAC.

Its DHCP will hand out 3 addresses (all on the same subnet) to the host, the guest and the smartphone.

Your demo traffic should not hit the UNI system at all, but the router will allow other applications on the host, guest and smartphone to access the internet.

Yes, you would set up forwarding in VMware. But the forwarding should not translate any port numbers. If you keep chan_sip on port 5060, you should set up the host softphone to bind to a different port. Or, change chan_sip Bind Port to something else, and forward that to the guest.

My understanding from what you said is, I somehow get the router connect to the Uni network and NAT all of my traffic from 3 devices through it. But the thing is I can’t get any physical access to the UNI network so how could I do that ?

64249430_411982326318792_4097030511233335296_n
Is this what you mean ? , or should I put the port 10000 on the host ?
But if I leave the host port blank, vmware doesn’t accept it.
p/s: my pbx ip is 192.168.137.128

Sorry, I had assumed that the host was connected by Ethernet. If the only UNI access is via Wi-Fi, you would need a router that could connect wirelessly to UNI as a client and still function as an AP (on a different SSID) to serve the smartphone. Mikrotik, Ubiquiti, etc. will do that but most consumer routers won’t (unless you load third party firmware, e.g. DD-WRT).

If the host is Linux, perhaps you could run Asterisk on it without a VM. If it’s Windows, maybe give up on FreePBX and run FreeSWITCH or 3CX. Or, boot to a Linux host running FreePBX and softphones, with Windows as a guest.

For each mapping, Host port and Virtual machine port should be the same, e.g. 10000 → 10000.

This means that if you use port 5060 for chan_sip, you’ll have to use a different one for the softphone. Or, vice-versa.


Does this mean that this router of mine is sufficient for the job ?

It probably is, but I know nothing about it. Unless another member jumps in here, you’re on your own.

Some other thoughts:

Give up on the VM and run FreePBX on an old laptop or desktop, or on a device such as a Raspberry Pi.

Or, get a USB Wi-Fi dongle, put it in the host and set up VMware so the device is given to the guest. It would then appear as a separate user on the UNI system.

Or, if you can’t get the Tenda to function simultaneously as client, router and AP, set it up as just a client, plug the host Ethernet port into it and set up VMware so the Ethernet NIC is given to the guest.

Thank you, I’ll look into this, thx a lot for helping me out this long . Imma try these solutions you just gave me

I have just ran into another problem, the X-lite softphones on my host now able to register to the freepbx, but other device in the network can’t reach the freepbx.

Also about the usb wifi dongle/ Tenda solutions, so you mean I will add another network adapter to the freepbx vmware right ? And then bridge the ethernet NIC to the vm ?

p/s: The other pc in LAN still able to connect to freepbx web interface