Firewall setup is a necessary and important step for smooth Elastix operation.
MikroTik Firewall for Elastix
Here I use the following example IP addresses:
SIP provider's IP: 23.220.75.232
MikroTik's real (public) IP: 52.85.12.118
Elastix VPS LAN/private IP: 192.168.48.10
Please replace them with your own IP addresses.
1) Create Interface List
Winbox > Interfaces > Interface List
Make sure you have created the Interface List for “LAN” and “WAN”
Add all LAN interfaces to LAN list
Add all WAN interfaces to WAN list
2) Allow SIP provider IP
Winbox > IP > Firewall > Filter Rules
Place these two rules just above the established,related forward rule.
Filter Rule 1
Chain=forward
Src. Address=23.220.75.232
Action=accept
Comment=Inbound from SIP provider always accepted
Filter Rule 2
Chain=forward
Dst. Address=23.220.75.232
Action=accept
Comment=Outbound to SIP provider always accepted
3) NAT for extensions/telephone handsets at remote sites
Winbox > IP > Firewall > NAT
NAT Rule 1
Chain=dstnat
Dst. Address=52.85.12.118
Protocol=udp
Dst. Port=5004-5082
In. Interface List=WAN
Extra > Address Type=local
Action=dst-nat
To Addresses=192.168.48.10
To Ports=5004-5082
Comment=SIP allow for remote extensions
NAT Rule 2
Chain=dstnat
Dst. Address=52.85.12.118
Protocol=udp
Dst. Port=10000-20000
In. Interface List=WAN
Extra > Address Type=local
Action=dst-nat
To Addresses=192.168.48.10
To Ports=10000-20000
Comment=RTP allow for remote extensions
NAT Rule 3
Chain=dstnat
Dst. Address=52.85.12.118
Protocol=tcp
Dst. Port=54443
In. Interface List=WAN
Extra > Address Type=local
Action=dst-nat
To Addresses=192.168.48.10
To Ports=443
Comment=Allow remote access to Elastix panel
Then the remote access URL to Elastix is https://52.85.12.118:54443 (use an old Firefox version).
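The same configuration entered from the RouterOS terminal instead of Winbox, as an added example (not from the original post). The interface names ether1 and bridge-lan, and the comment "established,related" used to locate the existing forward rule, are assumptions; adjust them to your router. The IP addresses are the example values from above.

```routeros
# Added example: RouterOS CLI equivalent of steps 1-3 above.
# Assumptions: WAN interface is ether1, LAN interface is bridge-lan,
# and the existing established,related forward rule carries the
# comment "established,related" (the find below must match exactly one rule).

# 1) Interface lists
/interface list add name=WAN
/interface list add name=LAN
/interface list member add list=WAN interface=ether1
/interface list member add list=LAN interface=bridge-lan

# 2) Accept traffic to/from the SIP provider, placed just above the
#    established,related forward rule
:local estRule [/ip firewall filter find where chain=forward comment="established,related"]
/ip firewall filter add chain=forward src-address=23.220.75.232 action=accept \
    comment="Inbound from SIP provider always accepted" place-before=$estRule
/ip firewall filter add chain=forward dst-address=23.220.75.232 action=accept \
    comment="Outbound to SIP provider always accepted" place-before=$estRule

# 3) dst-nat from the public IP to the Elastix VPS
/ip firewall nat add chain=dstnat dst-address=52.85.12.118 protocol=udp \
    dst-port=5004-5082 in-interface-list=WAN dst-address-type=local \
    action=dst-nat to-addresses=192.168.48.10 to-ports=5004-5082 \
    comment="SIP allow for remote extensions"
/ip firewall nat add chain=dstnat dst-address=52.85.12.118 protocol=udp \
    dst-port=10000-20000 in-interface-list=WAN dst-address-type=local \
    action=dst-nat to-addresses=192.168.48.10 to-ports=10000-20000 \
    comment="RTP allow for remote extensions"
/ip firewall nat add chain=dstnat dst-address=52.85.12.118 protocol=tcp \
    dst-port=54443 in-interface-list=WAN dst-address-type=local \
    action=dst-nat to-addresses=192.168.48.10 to-ports=443 \
    comment="Allow remote access to Elastix panel"

# Verify ordering and hit counters after reloading
/ip firewall filter print
/ip firewall nat print
```

Check with `/ip firewall filter print` that the two accept rules really sit above the established,related rule; a rule added without place-before lands at the bottom of the chain, below any drop rule, and never matches. The third NAT rule publishes the Elastix web panel on the public address for every source; if your administrators connect from fixed locations, adding a src-address-list of those addresses to that rule keeps the panel off the open internet while leaving SIP and RTP unchanged.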
4) Check that the outbound SIP connection is working
If you get any trunk authentication problem, use the nc (netcat) tool to investigate the issue.
If the nc tool is unavailable, follow this blog post: https://kb.frankinternet.com/elastix-after-installation-repository-update/
Suppose your SIP trunk provider's server is 23.220.75.232.
Then probe the outgoing UDP port 5060 with the command below from a PuTTY session on the Elastix host (CentOS 7) to check whether connectivity to your provider succeeds or not:
nc -vz -u 23.220.75.232 5060
5) Reboot MikroTik
Happy firewalling!
