Inbound after outbound but only for a short time

Hello all, google has failed me, so I turn to you.
I am not particularly knowledgeable, I am just trying to get things working.
This year our 4 year IT guy was removed and I took over this spot, I am slowly learning the system he created and new systems that are in place. I am not a linux user, used my first bit of code last night to reboot the system.
Start of this week our FreePBX failed, it will no longer come up, it was out of date, in many many ways and was slated for replacement once i had time. but now i have had to make time and have no access to the settings that where working.
I have it nearly set up and it does work. However.

I have a CHAN trunk (i know i know i know, i will figure out PJSIP settings later)
this trunk shows connected.
I have an outbound route that works perfectly
i have an inbound route that, well, stops working, it just dead spaces until the trunk provider kicks to the back up cell. Oddly, if I call outbound, the inbound route starts working for a short time.

any ideas? ideas on what i should google that i may have not?
Thank you for reading.

That sounds like dynamic rules are timing out in your router. The cleanest solution is to make them fixed rules. Otherwise you will have to investigate “qualify” settings.

I think you meant:


That is 100% what I meant!

From what I have read I dont need to set up firewall rules due to registering with the provider, vs IP authenticate. or am i miss understanding you. I will evaluate the controller again for settings. I had not found any for the old working system, could this be a change from 13 to current?

Try setting qualify=yes for the trunk. If you already had that, or it doesn’t help, please post:

Router/firewall make/model, any VoIP-related settings.

If router doesn’t have a public IP address on the WAN side, post details about ISP, modem/gateway make/model, etc.

If you have a static (or de facto static) IP address and your provider supports IP auth, you should probably switch to that, as it’s more reliable and a little more secure.

That only helps if you re-register more frequently than the firewall rule timeout. Registrars can choose to force the registration timeout up to an hour, even if you try and offer very frequent re-registration.

Obviously, if your ISP messes with your IP address, you haven’t got much choice, other than to use registration, but simply sending outbound traffic wouldn’t, temporarily, fix things, if that was the main problem.

I have made the change, will evaluate.

Router/Firewall is a ClearOS Community 7 Gateway mess that drives me insane with its robust yet not robust options and set up. I have no idea what version of Linux its on.

We do run a static IP.

David, I should set up forwarding rules for the UDP 5060 and TCP 10000-20000?

The normal 10000-20000 is for RTP, which is UDP.

If possible avoid 5060, as it, and similar ports, will get attacked relentlessly by toll fraudsters. If you don’t have remote users, restrict it to just the service provider.


After running it for 24 hours without dropping incoming calls I feel confident to say that marking Qualify to yes was the solution. Thank you!
If the provider tosses a fit about the setting I will look into forwarding the ports, or moving to IP auth.

Thank you both for your time and answers!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.