Configure MikroTik Router with Yeastar PBX

  • Introduction
  • Configure the ports forward on ROS
  • Disable SIP ALG
  • Hairpin NAT

Introduction:

This document describes the port forward configuration of the MikroTik RouterOS router for the remote extensions or some VoIP provider requirements. In general, the operator uses WinBox to configure ROS.

TP.png

Port forwarding on the ROS:

The below list is the ports that we will forward on the ROS, that just show you how to forward the ports on the ROS. For security, please make your own rule.

Item Protocol Internal Port External Port
SIP UDP 5060 5090
RTP UDP 10000-12000 10000-12000
Linkus TCP 8111,8022 8111,8022

Access the ROS via WinBOX.

Navigate: IP --> Firewall --> NAT

General->

  • Chain: dstnat
  • Protocol: 17(udp)                     // Choose the protocol that you want to forward.
  • Dst. Port: 5090                         // The external port.

1.png

Action -->

Action: dst-nat

  • To Addresses: 192.168.5.150      // The internal PBX IP.
  • To Ports: 5060                            // Internal port

2.png

For a range port of RTP.

  • Dst. Port: 10000-12000             //Use “-” for the port range.

3.png

  • To Ports: 10000-12000            //If this internal same with external port, we also can keep this port blank is the same result.

mceclip0.png

Note: if the internal same as the external, and use the same protocol, you can use the below format for the multiple-ports.
Use the “,” comma symbol for the port.

mceclip1.png

 

Disable SIP ALG:

This option is pretty annoying against the VoIP transmission which leads to SIP call drop, one-way audio or no audio issue. It's recommended to disable it if you have the mentioned issues.

Go the menu: IP-->Firewall--> Service Ports

mceclip5.png

Learn more

 

Hairpin NAT:

Hairpin NAT is for the internal device to use the router public IP to access the IP which has been forward. 

See their Wiki: Hairpin NAT

If you have been done the Hairpin NAT on your ROS. On the forwarded device side only see the router gateway IP for all the requests from internal or external. Sometimes it would have trouble for PBX to send back packets to the SIP device correctly. So you would need to disable it in some cases.

Such as the below screenshot.

mceclip2.png

 

How to disabled/enabled the Hairpin NAT on ROS?

Delete or Disable the rule for Hairpin.

The Hairpin NAT rule is like the following:

 Go to the menu: IP --> Firewall --> NAT

--> General:

Disable/remove the rule with the following settings:

  • Chain: srcnat
  • Src. Address: 192.168.123.0/24       //Enter your internal IP range, or keep it blank.
  • Out. Interface: LAN                         // LAN or Bridge

mceclip3.png

--> Action:

  • Action: masquerade                     //Choose this option only.

mceclip4.png

If you don't know how to disable it, try to contact the Mikrotik support.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.