Configuring the firewall for FreePBX

Internal firewall

Go to the Connectivity menu, submenu Firewall. I guess you should run the Wizard to accomplish a basic configuration. Anyway, Make sure that the FreePBX main interface (eth0) is defined as Local(Local trusted traffic) under the Interfaces tab.

The networks tab should include all the devices that should be able to contact the FreePBX server:

  • all your VoIP phones
  • potential software phones
  • your main computer (to manage the FreePBX system).
  • Don’t forget to allow your external SIP server (uplink) to contact your FreePBX!

Network firewall

I needed to define a Port Forwarding rule in my router’s (Unifi Dream Machine Pro) firewall to allow the external SIP server (my uplink) to contact my internal FreePBX server. I specifically allow the external server’s IP to access the IP of my FreePBX on port 5060 on both (UDP, TCP) protocols.

It is also recommended to disable the Conntrack Modules in the router that handle SIP traffic (H.323 and SIP), although it might help if you are in a double-NAT network.

Leave a Reply