Old 03-12-2015, 11:21 AM   #1
alez.amores
LQ Newbie
 
Registered: Mar 2015
Posts: 7

Rep: Reputation: Disabled
Cent OS 5.9 + Firewall


Hello Guys,

Here is my situation: I'm using CentOS 5.9 to run my PBX system. I'm trying to do port forwarding directly to my PBX but can't get through. So far I can get to the router, but that is it.

My config is as follows:

Router (CISCO RV042) 192.168.2.1
SERVER/PBX 192.168.2.2

I'm forwarding the following ports:

5060 - 5090
10000 - 20000
9022 - 9022
8090 - 8090
9001 - 9001
443 - 443
4569 - 4569

Am I missing something?

Thank You !
 
Old 03-12-2015, 08:58 PM   #2
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477
What is the network for your CentOS server? How have you set up the rules for forwarding? And isn't it the router's responsibility to forward the packets received from CentOS to the PBX? I mean, that is the device which is acting as the bridge. If CentOS and the PBX are in separate networks (which from your post obviously appears to be the case, otherwise the router wouldn't be in the picture) then obviously it has to pass via the router.
 
Old 03-12-2015, 11:59 PM   #3
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,624

Rep: Reputation: 2651
If at all possible, upgrade to 5.11 ASAP!!!

CentOS does NOT support old versions.
There have been NO security updates for 5.9 since Oct. 2013.
 
Old 03-13-2015, 10:54 AM   #4
alez.amores
LQ Newbie
 
Registered: Mar 2015
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by T3RM1NVT0R
What is the network for your CentOS server? How have you set up the rules for forwarding? And isn't it the router's responsibility to forward the packets received from CentOS to the PBX? I mean, that is the device which is acting as the bridge. If CentOS and the PBX are in separate networks (which from your post obviously appears to be the case, otherwise the router wouldn't be in the picture) then obviously it has to pass via the router.
I don't think I understood you well. But the router and the server are on the same network; I plugged a camera into the network and port forwarding works fine!


Here is a screenshot of the FW!


Action
Condition


Jump to chain fail2ban-BadBots
If protocol is TCP and destination ports are 80,443

Jump to chain fail2ban-VSFTPD
If protocol is TCP and destination port is 21

Jump to chain fail2ban-APACHE
If protocol is TCP

Jump to chain fail2ban-ASTERISK
Always

Jump to chain fail2ban-SSH
If protocol is TCP and destination port is 22

Accept
If input interface is not eth0

Accept
If protocol is TCP and TCP flags ACK (of ACK) are set

Accept
If state of connection is ESTABLISHED

Accept
If state of connection is RELATED

Accept
If protocol is UDP and destination port is 1024:65535 and source port is 53

Accept
If protocol is ICMP and ICMP type is 0

Accept
If protocol is ICMP and ICMP type is 3

Accept
If protocol is ICMP and ICMP type is 4

Accept
If protocol is ICMP and ICMP type is 11

Accept
If protocol is ICMP and ICMP type is 12

Accept
If protocol is TCP and source is 50.242.166.176/29 and destination port is 80

Accept
If protocol is TCP and destination port is 113

Accept
If protocol is TCP and source is 192.168.1.0/24 and destination port is 80

Accept
If protocol is TCP and destination port is 443

Accept
If protocol is TCP and destination port is 9080

Accept
If protocol is UDP and destination port is 4569

Accept
If protocol is UDP and destination port is 1723

Accept
If protocol is UDP and destination port is 5060:5090

Accept
If protocol is UDP and destination port is 10000:20000

Accept
If protocol is TCP and destination port is 5038

Accept
If protocol is UDP and destination port is 123

Accept
If protocol is UDP and source is 192.168.1.0/24 and destination port is 69

Accept
If protocol is TCP and destination port is 9022

Accept
If protocol is UDP and destination port is 5353

Accept
If protocol is TCP and destination port is 4445

Accept
If protocol is TCP and source is 38.126.217.14 and destination port is 22

Accept
If protocol is TCP and source is 70.90.58.250 and destination port is 22

Accept
If protocol is TCP and source is 198.161.132.210 and destination port is 22

Accept
If protocol is TCP and source is 192.168.1.0/24 and destination port is 22

Accept
If protocol is TCP and source is 50.242.166.176/29 and destination port is 9001

Accept
If protocol is TCP and source is 70.90.58.250 and destination port is 9001

Accept
If protocol is TCP and source is 38.126.217.14 and destination port is 9001

Accept
If protocol is TCP and source is 38.126.217.3 and destination port is 9001

Accept
If protocol is TCP and source is 192.168.1.0/24 and destination port is 9001

Accept
If protocol is TCP and source is 198.161.132.210 and destination port is 9001

Accept
If protocol is UDP and source is 50.242.166.176/29 and destination port is 69

Accept
If protocol is TCP and source is 50.242.166.176/29 and destination port is 22

---------- Post added 03-13-15 at 11:55 AM ----------

Quote:
Originally Posted by John VV
If at all possible, upgrade to 5.11 ASAP!!!

CentOS does NOT support old versions.
There have been NO security updates for 5.9 since Oct. 2013.


Ok, I'll try! What do I get from the update?
 
Old 03-13-2015, 11:09 AM   #5
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477
So you have got PBX/Server --> Router --> some external source (you mentioned a camera, I am just not sure if that falls in here). You also mentioned that you connect the camera to the network and it works fine. So where is the issue?

From where to where are you trying to forward the packets? Is it an external source terminating at your router, and you want those packets to be forwarded to your PBX/Server?

If you could describe the flow, it will be easy to understand.

As John VV mentioned, you wouldn't get security updates. So upgrading the system to 5.11 will enable you to get security updates for your system. In fact I would suggest migrating to CentOS 6.X if at all possible; I mean, if your application works on 6.X then better move to that.
 
Old 03-13-2015, 11:44 AM   #6
alez.amores
LQ Newbie
 
Registered: Mar 2015
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by T3RM1NVT0R
So you have got PBX/Server --> Router --> some external source (you mentioned a camera, I am just not sure if that falls in here). You also mentioned that you connect the camera to the network and it works fine. So where is the issue?

From where to where are you trying to forward the packets? Is it an external source terminating at your router, and you want those packets to be forwarded to your PBX/Server?

If you could describe the flow, it will be easy to understand.

As John VV mentioned, you wouldn't get security updates. So upgrading the system to 5.11 will enable you to get security updates for your system. In fact I would suggest migrating to CentOS 6.X if at all possible; I mean, if your application works on 6.X then better move to that.


It goes like this:

ISP -> CISCO ROUTER (RV042) -> from the LAN ports on the router, LAN 1 goes to the camera, LAN 2 goes to the server.

If I try to access the server within the network I have no problem; however, when I try to do it from outside I can't get through. That's why I thought it had something to do with my FW settings. What do you think?
 
Old 03-13-2015, 12:00 PM   #7
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477
I am assuming that you have got a static IP configured on your router. Yes, if you are not able to access it externally but it works fine internally, then it is your router which is blocking the traffic.

Here is a link which will help you test open ports: http://www.yougetsignal.com/tools/open-ports/
 
Old 03-13-2015, 01:31 PM   #8
alez.amores
LQ Newbie
 
Registered: Mar 2015
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by T3RM1NVT0R
I am assuming that you have got a static IP configured on your router. Yes, if you are not able to access it externally but it works fine internally, then it is your router which is blocking the traffic.

Here is a link which will help you test open ports: http://www.yougetsignal.com/tools/open-ports/


Correct! I've got a static IP address. If it was the router, then I wouldn't be able to access the camera, right?
 
Old 03-13-2015, 01:50 PM   #9
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477
As you said, LAN 1 goes to the camera and it works fine when you access it from the internet; that means that particular device (the camera) is accessible and the router is not blocking any traffic to the camera. However, it is blocking traffic coming from the internet from reaching the server.

An easy way to check that out is to first check, from the site I mentioned earlier, whether the ports which you want forwarded to your server are open on the router or not. Next, take a tcpdump on the server and see if the packets are reaching the server. If they are getting dropped / rejected on the server end then it is not your router but your local firewall. If they are not reaching the server at all then it is your router.

For analyzing the packet trace captured using tcpdump, I would suggest using Wireshark, as it is easy to analyze using that tool.
 
Old 03-13-2015, 05:07 PM   #10
alez.amores
LQ Newbie
 
Registered: Mar 2015
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by T3RM1NVT0R
As you said, LAN 1 goes to the camera and it works fine when you access it from the internet; that means that particular device (the camera) is accessible and the router is not blocking any traffic to the camera. However, it is blocking traffic coming from the internet from reaching the server.

An easy way to check that out is to first check, from the site I mentioned earlier, whether the ports which you want forwarded to your server are open on the router or not. Next, take a tcpdump on the server and see if the packets are reaching the server. If they are getting dropped / rejected on the server end then it is not your router but your local firewall. If they are not reaching the server at all then it is your router.

For analyzing the packet trace captured using tcpdump, I would suggest using Wireshark, as it is easy to analyze using that tool.



I tried Wireshark! I got the dump file! Where do I see if the packets are being dropped or not?
 
Old 03-14-2015, 05:26 AM   #11
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477
It is very easy: look for the packets that you were expecting on the server. If you see them in the trace, then they have reached the server but the server did not reply, and dropped or rejected them. If you don't see those packets at all, then you have to go back to the router and check why it is not forwarding packets to the server.
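The check described in this reply can be scripted instead of eyeballed in Wireshark. The following is an added example, not code from the thread: it reads the text form of a tcpdump capture taken on the server and, for each port the router is supposed to forward, reports whether the packet never arrived (router problem), arrived and got no answer (local firewall DROP or a silent service), or arrived and was answered. The capture lines are constructed in `tcpdump -nn` format; the internet address 203.0.113.10 is a TEST-NET-3 placeholder, and `eth0` is assumed to be the NIC facing the RV042.

```python
"""Sort expected ports from a text tcpdump capture into: never reached the
server, reached but unanswered, reached and answered.

Added illustration of the check described in the thread; the capture text is
constructed, not taken from the thread or from any real host.
"""
import re
from collections import defaultdict

# How such a capture would be taken on the CentOS box (as root; eth0 assumed to
# face the router), then converted to the text form parsed below:
#   tcpdump -nn -i eth0 -w pbx.pcap 'host 192.168.2.2 and (tcp port 8090 or tcp port 9022 or udp portrange 5060-5090)'
#   tcpdump -nn -r pbx.pcap
# Constructed sample in `tcpdump -nn` text form (not a real capture):
SAMPLE_CAPTURE = """\
11:02:10.100000 IP 203.0.113.10.40001 > 192.168.2.2.9022: Flags [S], seq 1, win 29200, length 0
11:02:10.100200 IP 192.168.2.2.9022 > 203.0.113.10.40001: Flags [S.], seq 2, ack 2, win 28960, length 0
11:02:11.300000 IP 203.0.113.10.40002 > 192.168.2.2.8090: Flags [S], seq 1, win 29200, length 0
11:02:12.300000 IP 203.0.113.10.40002 > 192.168.2.2.8090: Flags [S], seq 1, win 29200, length 0
11:02:13.000000 IP 203.0.113.10.40003 > 192.168.2.2.9080: Flags [S], seq 1, win 29200, length 0
11:02:13.000300 IP 192.168.2.2.9080 > 203.0.113.10.40003: Flags [R.], seq 0, ack 2, win 0, length 0
11:02:14.000000 IP 203.0.113.10.5060 > 192.168.2.2.5060: UDP, length 412
"""

# One tcpdump -nn line: timestamp, "IP", src.sport > dst.dport: rest
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)


def parse_capture(text):
    """Return (src, sport, dst, dport, proto, tcp_flags) tuples, skipping junk lines."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rest = m["rest"]
        # tcpdump prints "Flags [...]" for every TCP segment and never for UDP.
        proto = "tcp" if "Flags [" in rest else "udp"
        fm = re.search(r"Flags \[([^\]]*)\]", rest)
        flags = fm.group(1) if fm else ""
        packets.append((m["src"], int(m["sport"]), m["dst"], int(m["dport"]), proto, flags))
    return packets


def verdicts(packets, server_ip, expected):
    """Map each expected (proto, port) to what the capture shows happened to it."""
    inbound = defaultdict(int)   # packets to server_ip:port
    outbound = defaultdict(int)  # packets from server_ip:port
    reset = set()                # ports from which the server sent a TCP RST
    for src, sport, dst, dport, proto, flags in packets:
        if dst == server_ip:
            inbound[(proto, dport)] += 1
        elif src == server_ip:
            outbound[(proto, sport)] += 1
            if "R" in flags:
                reset.add((proto, sport))
    result = {}
    for key in expected:
        if inbound[key] == 0:
            result[key] = "not seen: router did not forward it"
        elif key in reset:
            result[key] = "reached, server answered with RST (REJECT rule or nothing listening)"
        elif outbound[key]:
            result[key] = "reached, server replied"
        else:
            result[key] = "reached, no reply (DROP in the local firewall or a silent service)"
    return result


if __name__ == "__main__":
    expected = [("tcp", 9022), ("tcp", 8090), ("tcp", 9080), ("udp", 5060), ("tcp", 9001)]
    for key, text in verdicts(parse_capture(SAMPLE_CAPTURE), "192.168.2.2", expected).items():
        print(f"{key[0]}/{key[1]}: {text}")
```

Only TCP gives a clean "answered" signal (SYN-ACK or RST); for UDP ports such as 5060 the script can only say the datagram arrived, and the next step is the application's own log or the `iptables -L INPUT -n -v` packet counters on the server.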
 
Old 03-16-2015, 08:26 AM   #12
alez.amores
LQ Newbie
 
Registered: Mar 2015
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by T3RM1NVT0R
It is very easy: look for the packets that you were expecting on the server. If you see them in the trace, then they have reached the server but the server did not reply, and dropped or rejected them. If you don't see those packets at all, then you have to go back to the router and check why it is not forwarding packets to the server.


I found it. The packets are reaching the server! So I guess I have to look into the server's FW settings? What do you think?

Thank You!
 
Old 03-16-2015, 08:32 AM   #13
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477
Yes, that is correct. If packets are reaching the server and then getting dropped / rejected, then the issue is at the server end. The router is doing its job of forwarding packets to the destination on the defined ports.
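Since the packets reach the server, the question becomes which INPUT rule, if any, accepts them. The following is an added example, not code from the thread or from CentOS: it transcribes the ACCEPT rules from the screenshot in post #4 and walks them in order, first match wins, for each port range the router forwards. It assumes the router forwards each range for both TCP and UDP (post #1 does not say), that eth0 is the NIC facing the RV042, and uses the TEST-NET-3 address 203.0.113.10 as a stand-in for "some host on the internet".

```python
"""First-match walk over the INPUT ACCEPT rules posted in #4, for a NEW
inbound packet from the internet. Added illustration, not part of the thread."""
import ipaddress

# ACCEPT rules transcribed from post #4, in posted order:
# (protocol, source or None for any source, destination ports).
# A port entry is an int or a (low, high) range.
# Left out on purpose: the ESTABLISHED/RELATED, ACK-set, DNS-reply and ICMP
# rules and the fail2ban jumps, since none of them can admit the first packet
# of a NEW connection. The "input interface is not eth0" rule is also left
# out on the assumption that eth0 is the interface facing the router.
RULES = [
    ("tcp", "50.242.166.176/29", (80,)),
    ("tcp", None, (113,)),
    ("tcp", "192.168.1.0/24", (80,)),
    ("tcp", None, (443,)),
    ("tcp", None, (9080,)),
    ("udp", None, (4569,)),
    ("udp", None, (1723,)),
    ("udp", None, ((5060, 5090),)),
    ("udp", None, ((10000, 20000),)),
    ("tcp", None, (5038,)),
    ("udp", None, (123,)),
    ("udp", "192.168.1.0/24", (69,)),
    ("tcp", None, (9022,)),
    ("udp", None, (5353,)),
    ("tcp", None, (4445,)),
    ("tcp", "38.126.217.14", (22,)),
    ("tcp", "70.90.58.250", (22,)),
    ("tcp", "198.161.132.210", (22,)),
    ("tcp", "192.168.1.0/24", (22,)),
    ("tcp", "50.242.166.176/29", (9001,)),
    ("tcp", "70.90.58.250", (9001,)),
    ("tcp", "38.126.217.14", (9001,)),
    ("tcp", "38.126.217.3", (9001,)),
    ("tcp", "192.168.1.0/24", (9001,)),
    ("tcp", "198.161.132.210", (9001,)),
    ("udp", "50.242.166.176/29", (69,)),
    ("tcp", "50.242.166.176/29", (22,)),
]

# Port ranges the router forwards (post #1); protocol not stated, so both are tried.
FORWARDED = [(5060, 5090), (10000, 20000), (9022, 9022), (8090, 8090),
             (9001, 9001), (443, 443), (4569, 4569)]

# Constructed stand-in for an arbitrary internet host (TEST-NET-3).
INTERNET_SRC = "203.0.113.10"


def _port_matches(ports, dport):
    for p in ports:
        lo, hi = p if isinstance(p, tuple) else (p, p)
        if lo <= dport <= hi:
            return True
    return False


def first_match(proto, src, dport):
    """Return the first ACCEPT rule matching a NEW inbound packet, or None."""
    addr = ipaddress.ip_address(src)
    for rule in RULES:
        r_proto, r_src, r_ports = rule
        if r_proto != proto:
            continue
        if r_src is not None and addr not in ipaddress.ip_network(r_src, strict=False):
            continue
        if not _port_matches(r_ports, dport):
            continue
        return rule
    return None


def classify(proto, dport, src=INTERNET_SRC):
    """accepted / source-restricted (a rule exists, but not for this source) / no rule."""
    if first_match(proto, src, dport) is not None:
        return "accepted"
    if any(r[0] == proto and _port_matches(r[2], dport) for r in RULES):
        return "source-restricted"
    return "no rule"   # falls through to the chain policy, which the screenshot does not show


def audit_forwarded(src=INTERNET_SRC):
    """Verdict per (proto, low, high) forwarded range, checked at both ends of the range."""
    report = {}
    for lo, hi in FORWARDED:
        for proto in ("tcp", "udp"):
            seen = {classify(proto, p, src) for p in (lo, hi)}
            report[(proto, lo, hi)] = seen.pop() if len(seen) == 1 else "mixed"
    return report


if __name__ == "__main__":
    for key, verdict in sorted(audit_forwarded().items()):
        print(f"{key[0]} {key[1]}-{key[2]}: {verdict}")
```

Against the posted rules, 8090/tcp has no ACCEPT rule at all, 9001/tcp is accepted only from the listed sources, and 5060-5090 and 10000-20000 are accepted for UDP only. Two further things stand out on the server side: the internal-only rules name 192.168.1.0/24 while the LAN in post #1 is 192.168.2.0/24, and what happens to an unmatched packet depends on the INPUT chain's default policy, which `iptables -L INPUT -n -v --line-numbers` on the server shows together with per-rule packet counters.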
 
Old 03-16-2015, 08:37 AM   #14
alez.amores
LQ Newbie
 
Registered: Mar 2015
Posts: 7

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by T3RM1NVT0R
Yes, that is correct. If packets are reaching the server and then getting dropped / rejected, then the issue is at the server end. The router is doing its job of forwarding packets to the destination on the defined ports.



I'll keep trying, thanks for all your help!!
 
  


All times are GMT -5.