3CX app connection problem outside my network.
I need help configuring my 3CX app.
My problem is, when my phone is connected to my network, it works fine; but when I connect my phone to another network, my 3CX application doesn't work.
For the WAN I use a public static IP address
and create a virtual IP and redirect it to OPT2 using my other public address.
I know that it works because if I ping the public IP, it responds.
If I disable the OPT2, it doesn't respond.
Then I just create a DMZ on OPT2 (192.168.124.254).
My 3CX is 192.168.124.100.
These are the OPT2 rules:
protocol source port dest port gw
IPv4 * OPT2 net * * * *
IPv4 * OPT2 net * * 53 (DNS)
IPv4 * OPT2 net * OPT2 address *
IPv4 * * * OPT2 net *
These are my port forwarding rules.
In these rules 3CX is an alias.
WAN UDP * * This Firewall 5090 3CX 5090 3CX 5090 UDP
WAN UDP * * This Firewall 9000 - 10999 3CX 9000 - 10999 3CX RTP
WAN UDP * * This Firewall 9000 - 10999 3CX 9000 - 10999 3CX RTP
WAN TCP * * This Firewall 5090 3CX 5090 3CX 5090 TCP
WAN TCP * * This Firewall 5065 3CX 5065 3CX SIP
WAN UDP * * This Firewall 5065 3CX 5065 3CX SIP UDP
WAN TCP * * This Firewall 5001 3CX 5001 3CX HTTPS
WAN TCP * * This Firewall 443 3CX 443 3CX HTTPS
Then all works fine, only the 5001 and the 443 don't work.
All the other ports work fine.
I just create an outbound rule.
With this, when I do a 3CX network test, all the UDP tests pass well.
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description
WAN 3CX * * * Interface address * YES
There's no problem inside my network with my 3cx app, the problem is that the app doesn't connect outside my network.
I've been working on this for 2 days and I don't understand what is the problem. Help me please.
You will not only need rules on WAN, you will need NAT rules, too.
Have you set up NAT rules?
Sorry...
What kind of rules?
I understand this is a port forwarding problem because the 3CX test works, but if I try to do a port test via https://www.yougetsignal.com/tools it says that it is closed. I don't have a lot of experience with port forwarding on a DMZ. Do you have any idea?
You defined incoming rules but maybe not NAT rules:
https://docs.opnsense.org/manual/nat.html
To do port forwarding you need NAT rules AND incoming rules.
If you create incoming NAT rules you can generate the incoming rules automatically.
I did NAT port forwarding rules, you can see them in my first post.
The problem is the port does not pass to the DMZ...
Sorry my fault.
Port 443 can make problems if you're using it for your management. Have you changed the management port to a different one?
Please make some screenshots of your rules and NAT rules and post them.
Yes, I changed the default from 443 to 40443.
The problem is the port is not open for the DMZ.
this is my configuration pw
These are the OPT2 rules.
These are the WAN rules.
The outbound rule...
With this rule the 3CX port test works well.
I know something is wrong...
Thanks for helping me.
Why do users not reply in this forum? More than 100 views. I need you.
Doing tests I receive calls via the app, but I cannot answer. But the app does not register.
Since it seems an urgent problem, you should consider paid support.
All support given here is free and voluntary service.
3CX does not provide support for firewall issues. In any case it is a problem of port openings towards the DMZ. It's my first time setting up a DMZ on OPNsense and I don't have much experience. The DMZ has no problems with the LAN; it is the WAN access that is the problem.
I thought more of some OPNsense support. To debug this further, a remote connection or remote support session would be the best thing. Consider buying some support and getting things sorted out for you.
One thing that came to my mind looking at your NAT rules is that you're pointing them to the "This Firewall" alias. Can you please change them to the incoming interface? For example "WAN Address", or the IP of your WAN if you have a fixed IP?
"This Firewall" contains all configured local IPs and maybe leads to unnecessary NAT rules.
Yes, I have several public IPs; I have configured one as a virtual IP assigned to the DMZ. I had already tried to set both the public IP and the WAN address, nothing changes.
Thanks Banym for your help,
but where are the OPNsense experts??? Maybe they started using ZyWall????
What do you mean by you have assigned the virtual ip to the dmz? Please show the virtual IP configuration.
To make it short.
You should screenshot all the configuration you made and upload it here or link to it.
Please make a network diagram of how you want to configure it.
Why are you using an outbound NAT rule and what do you want to do with it?
(https://uploads.tapatalk-cdn.com/20200907/3b28e5772328af54edec9e8eb3d8352f.jpg)
I'll do the diagram tomorrow.
What alternative do I have to the bar rules?
Well, that virtual IP is not on OPT2; it comes in on WAN like all your other public IPs.
In my understanding your DMZ is OPT2 and that is a local address.
Please create that virtual IP on your WAN.
The hybrid outbound rules should maybe be removed, too.
For testing, switch it to automatic.
I think you want to create a new outbound rule later to NAT your DMZ to the incoming virtual IP, but first try with automatic rules until the inbound NAT works.
Great, you found the problem. I stated the virtual IP to the WAN and now it works. Thank you so much.
You are welcome.
Please mark the thread as solved by editing the subject in your first post and adding [solved] to it.
Thank you and enjoy your OPNsense.
Yes, sure, I'll do it now. You're right, outbound rules are no longer needed. But before, with these I was able to use 3CX in the office. Now the 3CX test passes even if I disable them.