I am trying to create a configuration for my Panasonic NCP-500 PBX because my old router doesn’t work anymore.
Now… as far as I have understood, the PBX has 2 internal IPs (main 192.168.7.91 and voipdsp 192.168.7.92). They say that I should forward ports 5060 and 35060 to port 35060 of the main interface and ports 16000-32000 to the equivalent ports of the voipdsp interface.
That’s what I created:
    vyos@vyos:~$ show config
    firewall {
        all-ping disable
        broadcast-ping disable
        config-trap disable
        ipv6-receive-redirects disable
        ipv6-src-route disable
        ip-src-route disable
        log-martians enable
        name SipTrunk {
            default-action drop
            description SipTrunk
            rule 10 {
                action accept
                source {
                    address 112.34.44.61
                }
            }
        }
        receive-redirects disable
        send-redirects enable
        source-validation disable
        syn-cookies enable
        twa-hazards-protection disable
    }
    interfaces {
        ethernet eth0 {
            address 192.168.7.3/24
        }
        ethernet eth1 {
        }
        ethernet eth2 {
        }
        ethernet eth3 {
            address 49.33.164.11/28
            vif 100 {
                firewall {
                    in {
                        name SipTrunk
                    }
                }
            }
        }
        loopback lo {
        }
    }
    nat {
        destination {
            rule 10 {
                destination {
                    port 5060
                }
                inbound-interface eth3
                protocol udp
                translation {
                    address 192.168.7.91
                    port 35060
                }
            }
            rule 12 {
                destination {
                    port 35060
                }
                inbound-interface eth3
                protocol udp
                translation {
                    address 192.168.7.91
                }
            }
            rule 20 {
                destination {
                    port 16000-32000
                }
                inbound-interface eth3
                protocol udp
                translation {
                    address 192.168.7.92
                }
            }
        }
    }
    protocols {
        static {
            route 0.0.0.0/0 {
                next-hop 49.33.164.1 {
                }
            }
        }
    }
    system {
        config-management {
            commit-revisions 100
        }
        console {
            device ttyS0 {
                speed 115200
            }
        }
        host-name vyos
        ipv6 {
            disable-forwarding
        }
        login {
            user vyos {
                authentication {
                    encrypted-password ****************
                    plaintext-password ****************
                }
            }
        }
        ntp {
            server 0.pool.ntp.org {
            }
            server 1.pool.ntp.org {
            }
            server 2.pool.ntp.org {
            }
        }
        syslog {
            global {
                facility all {
                    level info
                }
                facility protocols {
                    level debug
                }
            }
        }
    }
But… something is not working (I cannot establish a connection to the SIP trunk via my PBX). The question is… does someone see what’s wrong? How do I have to configure this forwarding (with additional firewall rules to make sure that only the SIP trunk can send data to me)?
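
Added example, not part of the original post: a sketch of configure-mode changes addressing three things visible in the config above. The `SipTrunk` ruleset is bound to `eth3 vif 100` while the public address and the NAT rules are on `eth3` itself, there is no `nat source` section, and the ruleset has no stateful rule. It assumes the trunk traffic arrives untagged on `eth3`, that the PBX uses 192.168.7.3 as its gateway, and the `firewall name` / per-interface firewall syntax of the release shown in the post; the rule numbers 5 and 100 are arbitrary.

```vyos
configure

# 1. Outbound traffic from the PBX (REGISTER, outgoing calls) needs source NAT,
#    otherwise it leaves eth3 with a private 192.168.7.x source address.
set nat source rule 100 outbound-interface eth3
set nat source rule 100 source address 192.168.7.0/24
set nat source rule 100 translation address masquerade

# 2. Let replies to connections opened from the LAN back in before the
#    default-action drop is reached.
set firewall name SipTrunk rule 5 action accept
set firewall name SipTrunk rule 5 state established enable
set firewall name SipTrunk rule 5 state related enable

# 3. Narrow the existing trunk rule to UDP, matching the three
#    destination NAT rules (all of them are protocol udp).
set firewall name SipTrunk rule 10 protocol udp

# 4. Bind the ruleset to the interface the NAT rules use (eth3), not to the
#    unaddressed VLAN sub-interface eth3.100 (assumption: no tagged trunk).
delete interfaces ethernet eth3 vif 100 firewall
set interfaces ethernet eth3 firewall in name SipTrunk

commit
save

# Caveat: rule 10 only admits 112.34.44.61. If the provider sends RTP
# (ports 16000-32000) from other media addresses, each needs its own
# accept rule in SipTrunk, otherwise calls connect without audio.
```

The `in` direction only filters traffic forwarded through the router to the PBX; traffic addressed to the router itself on 49.33.164.11 is controlled by a separate ruleset bound with `firewall local`.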