Distro behind Firewall - Extensions not registering

I’m having trouble registering all our extensions after placing the freepbx box behind a firewall.

The setup is as follows:
My router has a public WAN IP as and LAN IP is

The PBX box is connected to the router and has an IP of

On the router I have forwarded UDP and TCP port 5060 to I have also forwarded the PORT range 10000 to 20000 for RTP to
In the PBX I had changes the following setting:

Tools – Asterisk SIP settings:
NAT settings:
IP configuration: Static IP

External IP:
Local Network
Local Networks: /
Codecs Selected are: ulaw, Alaw and Gsm
In Extensions tab, under “Device option”. NAT is set as ”yes”

I ‘ve programmed the phones to connect to, using port 5060, but they are not connecting. The status error is 408.
Please advise if I have missed any step or what else I can we try?
Any suggestion would be appreciated,


Surely if your localnet is set to / then your phones will connect to your server on

And since they are on the same subnet they wont be being NATed.

The Phones are not on the local network. They connect over the internet.

The router is at a colocation with WAN IP, LAN IP
PBX on Colocation has LAN IP

Phones are on remote sites configured to connect to (router), that is port forwarded to PBX box at

Please comment.


Have you thought about a VPN to the site. This would allow you to use the endpoint manager and other features that require insecure traffic. The VPN solves many problems.

You could use OpenVPN on your server at the data center and a pfSense box at the office.

We do have VPN tunnel setup but its not a solution for us as approx. 100 phone lines of various clients are connecting to our pbx from numerous locations.

Currently they are conneting to another server on a direct WAN IP, theat is not secure. We are setting up another server behind firewall to make it secure and them move our clients to it.

We need the port forwaring to work and I belive it is possible as I have seen articles explaining how to do it. However I have taken those steps but its not working.

Please advise.


Honestly if you are putting “clients” on the system you are making money and can afford to use support to find out what you have set wrong.

You can send the contents of sip_general_additional.conf and the output of “sip show settings” and we may be able to figure it out in the forum.


You all missed the obvious here.

Local Networks: /

Should be

Local Networks: /

Good catch, although it could just be a typo since he had to transcribe by hand.

One would think that a service provider would know the difference between and IP address and a network number.

The network is set to: Local Networks: / NOT

I just made an error in typing it above in the forum.
Still no luck.
Awaiting for more hints.


You can send the contents of sip_general_additional.conf and the output of “sip show settings” and we may be able to figure it out in the forum.

Did you not see this suggestion?

Where do I sent the file? (sip_general_additional.conf)

Is it to be sent to "[email protected]"?

Post the contents in the forum along with the output of ‘sip show settings’

We’re waiting on the results. :slight_smile:

I re-installed PBX and did all setting again and this time it worked. The extensions got registered behind the firewall using port forwarding.

However the 2 test extension I created are registering and I can make calls to each other but no voice is transferring among them. Neither party can hear each other.

I will search the article on the forum. Any Advise?

Thank a lot for your valued support.

Which IP should be dynamic instead of being static?

Just to revamp, my current situation is as follow:
PBX on a remote site behind Firewall, port 5060 UDP and TCP forwarded to PBX. Aslo ports 10000-20000 is forwarded to the PBX.

Phones on another remote site connect to PBX over internet. They registers to the server. When we call from one extension to another extension, the bell rings and connection is established, however no audio is coming on both ends.

Should be dynamic IP in this scenario.

You must have NAT set wrong. Still need the info I requested to help you.

Thank you for your tips and suggestions. The NAT problem was resolved 2 days ago. The audio problem is solved by installing on a different hardware.

I will create a new ticket/case for the audio problem on a particular set of hardware.

Thank you all once again for your support.