I am working on setting up a remote extension. I believe I have isolated the issue to the PBXact appliance blocking traffic from the external IP. I have verified that port forwarding works through my firewall as I have been able to successfully connected to various internal resources externally. However, when I port forward or even fully open a path to the pbx system it does not respond to any external traffic. I have forwarded specific ports as well as forwarding all traffic/ports. I have confirmation from two vendors/consultants that my setup is correct but still no access for the remote extension. I see every hit on the sangoma portal where the redirect is setup as well. I have confirmation that is configured correctly.
Is there anything other than the built-in firewall and responsive firewall that could be blocking traffic on the pbx? I know it is close but I just cannot get past this issue.
Not that I am aware. It is a PBXact appliance. My understanding is the builtin pbx firewall and responsive firewall are what is installed. It does seem like something else is blocking the external traffic though, like another firewall. I am not sure what else to look for in that regard.
You should perform a packet capture, first on your firewall an then on your PBX to see if the traffic your are expecting is actually arriving and what’s happening with it.
I see the traffic on the router/firewall being passed through. However, on the pbx I did not see anything when trying the tcp dump. I can successfully port forward to allow remote management of other computers on various ports, web cameras and printers. The pbx is the only device that I am unable to get any ports to successfully connect through the external connection. I get the same results when I disable the pbx builtin firewall/responsive firewall. There has to be something else on the system blocking packets but I just cannot find it.
Hi Mark, Are you trying to provision Sangoma Phones? what model?
I do only remote setups and for some strange reason i have never able to provision my S400 phone and it was same strange problem you are describing.
I would try different phone for test.
If you can put your hands on any other brand to test (my go to is Polycome) i think it might be helpful.
I found Sangoma phones to be a nightmare in my remote setups and stopped using them.
To take the idea of external out of the mix here is another angle illustrating the same issue. I am connected via VPN from an external PC. The internal network with the PBX is 192.168.1.x for example. The VPN network is 10.1.1.x. I have added the VPN subnet to the PBX firewall in the Networks section, Trusted. I am able to access all of the other resources on the 192 network from the remote machine. However, I cannot access any resource/port on the PBX from the 10. machine. I should be able to access the management or at least UCP. This again leads me to believe there is something else blocking traffic either within the PBX or in the underlying linux system. This is a PBXact appliance. I have not read anywhere that the appliance is setup with any additional firewalls.
When you are inspecting the Firewall, you need to make sure you are looking at the right port. Since inspection on the exterior port happens before the firewall, you could be seeing the traffic hitting your firewall and being dropped.
If you are not seeing the traffic on the interface on the PBX, you are almost certainly not passing the traffic through the firewall correctly.
What is perplexing is when I connect to the VPN from a remote computer I can connect to all the resources on the target network. However, I cannot connect to the management (or any other port) on the PBX. Connecting through the VPN bypasses the firewall so there is still something on the PBX not allowing the traffic coming from a network other than the subnet the PBX is on directly. I have included the VPN subnet in the settings for the firewall (intrusion detection).
This here is the problem. Don’t faff around with anything else. Your router is not sending the traffic to your PBX. tcpdump runs before the firewall looks at anything, so if traffic is arriving, you’ll see it. Since you’re not seeing it, the problem is in the router.