Connect external VOIP client to Trixbox Asterisk via NAT

Trixbox Asterisk


  • Tixbox Asterisk VOIP server on company's LAN network.
  • Remote client with Linksys SPA 942 VOIP phone trying to connect to Asterisk VOIP server via WAN (no VPN).
  • Remote client has a static external IP address
  • SonicWall firewall on company's network is configured as follows:
    • The firewall has a range of 8 external IP addresses, and one IP address ( is dedicated to the VOIP service.
    • All incoming traffic from to is allowed and routed to the VOIP server.
    • All outgoing traffic from the VOIP server is allowed and routed via
  • Draytek Vigor firewall on client's side doesn't have any special setup. All outgoing traffic is allowed, and all incoming traffic is blocked by NAT.

Find if permission denied errors are caused by SELinux

SELinux, short for Security Enhanced Linux, is a Linux security module that is part of many Linux server distributions. While SELinux increases server security (despite being created by NSA), it often results in some unexpected access/permission denied errors.

If you get one of such errors on a server with SELinux enabled, and there are no obvious file permission issues, you should check if the issue is caused by SELinux. To check the status of SELinux, run:


You should get something like this:

SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28

"Current mode: enforcing" indicates that SELinux is running.

Install and configure CentOS web server (LAMP)

Install CentOS (minimal install).

CentOS installation

Configure network

Run: ip a to find your network adaptor's name. In my case the adaptor is called ens32.

Navigate to /etc/sysconfig/network-scripts/ and open network configuration file with your network adaptor name, i.e. ifcfg-ens32

vi ifcfg-ens32

Edit the file replacing all IP addresses according to your network requirements. 

HWADDR =00:0B:27:A1:DC:1A

Start network:

service network start

Run: ip a again to make sure configuration was applied correctly. You should now have working network connection.


Subscribe to receive occasional updates on new posts.
Your email will not be used for any other purpose and you can unsubscribe at any time.
Please wait