Hello all I am trying to do I guess is a port forward on a RB2011 to setup a FreePBX here is kind of what I have setup.

Ether1=1.0.0.1 wan
Ether2=10.0.0.1 lan
Ether1=1.0.0.2 voip

Local Address for FreePBX 10.0.0.10

IP/Firewall/NAT

Chain=dstnat
Dst Address=1.0.0.2
Action=dst nat
to address = 10.0.0.10
chain=srcnat
Src Address= 10.0.0.10
Action=src nat
To Address=1.0.0.2

When the PBX registers with my host it is showing me that I am connected with 1.0.0.1:1033 and I do not know why. I know I need to setup ports in the Nat Rules I am just unsure of what all to setup. Thanks ahead of time for any help.

Hello all I am trying to do I guess is a port forward on a RB2011 to setup a FreePBX here is kind of what I have setup.

Ether1=1.0.0.1 wan
Ether2=10.0.0.1 lan
Ether1=1.0.0.2 voip

Local Address for FreePBX 10.0.0.10

IP/Firewall/NAT

Chain=dstnat
Dst Address=1.0.0.2
Action=dst nat
to address = 10.0.0.10
chain=srcnat
Src Address= 10.0.0.10
Action=src nat
To Address=1.0.0.2

When the PBX registers with my host it is showing me that I am connected with 1.0.0.1:1033 and I do not know why. I know I need to setup ports in the Nat Rules I am just unsure of what all to setup. Thanks ahead of time for any help.

i also have same issue and one more thing i can't connect using wan ip in local network but connecting outside is fine

What you are trying to do is actually a one to one NAT. So your PBX will act as it has the WAN IP address. The rules are ok, but I would change them with action netmap: It is import that these rules seat above the masquerade rule

I have two other rules in there above the two other rules one is for my VPN

Chain=scrnat
Src Address=10.0.1.0/24
Dst Address=10.0.0.0/24
Action=accept

Chain=srcnat
Src Address=10.0.1.0/24
Dst Address=0.0.0.0/0
Out. Interface= ether1
Action=masquerade

So what you are saying is remove

Chain=dstnat
Dst Address=1.0.0.2
Action=dst nat
to address = 10.0.0.10
chain=srcnat
Src Address= 10.0.0.10
Action=src nat
To Address=1.0.0.2

and add in

chain=dstnat dst-address=1.0.0.2 action=netmap to-address = 10.0.0.10
chain=srcnat src-address=10.0.0.10 action=netmap to-addresses=1.0.0.2

above the masquerade rule. Is that right?

Yes, delete those rules or change the action on those rules to netmap. These rules should be the first, always, so that traffic of these rules does not get processed by the others.

So I made the changes that was suggested. And the PBX is registered at the host however it is still showing it connected with a ip of 1.0.0.1:1033 and not 1.0.0.2:5060. Any ideas on what might be causing it to do that?

Can you do an export of /ip firewall nat and post it in here? Also, how are you testing PBX, is the phone trying to connect from LAN or from outside your LAN?

/ip firewall nat
add action=netmap chain=dstnat disabled=no dst-address=1.0.0.2 to-addresses=10.0.0.10
add action=netmap chain=srcnat disabled=no src-address=10.0.0.10 to-addresses=1.0.0.2
add action=accept chain=srcnat disabled=no dst-address=10.0.10.0/24 src-address=10.0.25.0/24
add action=masquerade chain=srcnat disabled=no dst-address=0.0.0.0/0 out-interface=ether1-gateway \
src-address=10.0.25.0/24

The PBX is connecting to our host who is Flowroute and it shows on there the ip address that is connected to it. The IP it is showing is the address of the Mikrotik not the PBX.

The PBX is connecting to our host who is Flowroute and it shows on there the ip address that is connected to it. The IP it is showing is the address of the Mikrotik not the PBX.

Since it is a netmap, it is possible that PBX shows IP 1.0.0.1 instead of 1.0.0.2. Form the point of view of PBX, it does not know that it has an IP assigned to it as one to one NAT (in other words it does not know that router is masquerading it with another IP). This is only assumption. If you do a traceroute form PBX it will very probably show one hop to 1.0.0.1 and the next to 1.0.0.2.
Best way to test it, is to try to connect to the PBX form outside using 1.0.0.2, it should work.

when i do a traceroute to 1.0.0.2 i never see 1.0.0.1 hop 13 and 14 are both showing 1.0.0.2 but when I do one to 1.0.0.1 I see 1.0.0.1.

when i do a traceroute to 1.0.0.2 i never see 1.0.0.1 hop 13 and 14 are both showing 1.0.0.2 but when I do one to 1.0.0.1 I see 1.0.0.1.

I'm sorry, my bad. If you execute traceroute from PBX you should reach 1.0.0.2 after two hops with no 1.0.0.1 in between.
Anyway, I think you should test the connection by trying to connect to the PBX from outside using 1.0.0.2, if it connects it is working.

Sorry for the delay in responding been busy with other things here at work. I gave the PBX a public IP outside the PBX and it showed the correct information at the provider. However now what I am trying to do is plug the PBX into ether3 and give it the IP of the PBX. when I go to the address I get the web logon for the router not the PBX logon.
I also disabled the nat rules that was discussed previously.
So i am missing something somewhere any help would be great. I really don't know where to go from here.