Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
3cx - ports not match
« previous
next »
Print
Pages: [
1
]
Author
Topic: 3cx - ports not match (Read 1697 times)
jensl
Newbie
Posts: 6
Karma: 0
3cx - ports not match
«
on:
April 11, 2023, 05:47:15 pm »
HELLO,
I have a freshley installated 3CX on an hyper-v (Debian install). bevor that is an opnsense, that should be configured like this:
[URL unfurl="true"]https://www.3cx.com/docs/pfsense-firewall/[/URL]
sadly i get the following errors when running the firewall check of the 3cx
testing port 5090... Mapping does not match 5090. Mapping is 15454. (How to resolve?)
testing ports [9000..9398]... failed (How to resolve?)
testing port 9000... Mapping does not match 9000. Mapping is 37427. (How to resolve?)
testing port 9002... Mapping does not match 9002. Mapping is 3031. (How to resolve?)
testing port 9004... Mapping does not match 9004. Mapping is 50285. (How to resolve?)
testing port 9006... Mapping does not match 9006. Mapping is 59049. (How to resolve?)
testing port 9008... Mapping does not match 9008. Mapping is 45467. (How to resolve?)
testing port 9010... Mapping does not match 9010. Mapping is 49269. (How to resolve?)
does anyone have any idea where i can look for further help?
i usuing an fibre connection with multiple ip adresses (the second one is used for the 3cx) and an cable connection for the normal internet.
the dns is running on an active directory and is configured for split dns.
Logged
meyergru
Hero Member
Posts: 1689
Karma: 165
IT Aficionado
Re: 3cx - ports not match
«
Reply #1 on:
April 11, 2023, 06:18:59 pm »
Configure an outbound NAT rule with "static port" enabled for the 3CX IP placed before normal outbound NAT rules. Otherwise, ports will get mapped arbitrarily.
BTW: You are certainly aware of the latest security problems of 3CX?
«
Last Edit: April 11, 2023, 08:22:47 pm by meyergru
»
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
jensl
Newbie
Posts: 6
Karma: 0
Re: 3cx - ports not match
«
Reply #2 on:
April 11, 2023, 06:33:04 pm »
hey,
yeah i create an outbound rule - not quite sure if there is any option to put it "before" other rules?
change the mode to hybrid
(i did.... produced me quite some work the last week, but seems like they used it as an wakeup call and changed finally some other problems too)
Logged
meyergru
Hero Member
Posts: 1689
Karma: 165
IT Aficionado
Re: 3cx - ports not match
«
Reply #3 on:
April 11, 2023, 06:57:47 pm »
I assume you only have one public IPv4 (You do actually have one, do you? This is not a CGNAT line?), so with that, you need a NAT rule for your LAN devices anyway.
So, in order to match your 3CX server before it hits that general outbound NAT rule without "static port" enabled, as is usual for any non-VoIP device, you need order your rules such that the one for the 3CX server is above/before that general LAN NAT rule.
But maybe I am wrong, as you did not provide a clear layout of what you have before you.
«
Last Edit: April 11, 2023, 08:21:34 pm by meyergru
»
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
3cx - ports not match