Home » Kerio User Forums » Kerio Operator » port forward over ethernet ports?

Messages: 60
Karma: 0
Send a private message to this user
hi all,

i have a small question wich i have not been able to figure out just jet,
i have a kerio operator with 4 ethernet ports.
ethernet port 1 is connected to my network wich is connected to the internet.
and ethernet port 2 is connected to all the phones only.

both nics also have different ip Ranges.
ethernet port 1 has
ethernet port 2 has With dhcp server

is it possible for me to acces the phones directly?
maybe with some kind of port forwarding? forward to
in my eyes it seems like a router functionality wich i am asking for?

hope i am clear enough:)
and hope to hear anyone soon
thanks in advance!


Messages: 285
Karma: 59
Send a private message to this user
Yes, that is a router function. There are lots of ways to solve that issue. In support of Kerio, you can review their Control product.

I have my Operator behind my Control device.

Messages: 60
Karma: 0
Send a private message to this user
is there no way to do it with the operator itself?

maybe even in the Linux config files?

Messages: 285
Karma: 59
Send a private message to this user
I'd have to ask why not put the phones on the network and avoid the whole issue in the first place?

Since your Internet facing interface is, that implies you already have a router that provides NAT functionality. It also likely performs firewall functions.

You could probably get a router working on the underlying Linux OS, but I doubt they would consider that a supported configuration. It just depends on how you want to support your network.

My favorite answer is to use a hypervisor and deploy Control as a VM, then use a Linux (or other OS) VM for your ancillary functions (routing, DNS, HTTP, etc.). Once you are virtualized, you have a lot more control over what you can do.

Messages: 60
Karma: 0
Send a private message to this user

we have 2 internet connections, 1 of them goes Straight to our voip provider and it blockes all other trafic. (voip only line)
the other internet connection is a everyday normal internet line.

and we want to intergrate Salesforce with kerio operator.
so we want all the voip traffic to go over the voip line.
but we also want the operator to be visable on the other internet connection for salesforce and maybe softphones/phones at home in the future.

and we dont want other people to mess around on the voip only netwerk (been there done that) to guarantee a good/healthy network:)

so how i have it setup now is.

Internet connection Line A (voip) goes to a modem(fritzbox) then to Ethernet slot 0 on the kerio operator. (ip range 192.168.8.x)

internet connetion line B (internet) goes to ethernet port 1 on the operator. (iprange 192.168.5.x

all the phones are connected to a POE swithc wich is connected to port 2 on the operator. (ip range 192.168.9.x with dhcp on at the operator for provisioning)

in the routing tables i added a line that all trafic to our voip provider goes over gateway 8.1 the rest should/is going over gateway 5.1

thisway voip has its own private network and no one at the building should/could mess with it.

the phones get there dhcp from the kerio so auto provisioning works without problems.

and the internet modem has dhcp on for the rest of the computers.

1 of the phones has a Attendand module on the phone.
wich i am unable to program from the kerio operator sofar.
so i would like to get a direct link to that phone (reason i thought of some kind of port forwarding)

and for silar, we dont use a kerio in a vm, we have the hardware editon.
and that company has most resources in the cloud so they dont got a server at this point.

i hope this story made sence:)
if not, im sorry and let me know i will try to make it clearer then.


Messages: 285
Karma: 59
Send a private message to this user
It all makes sense.

Does your POE switch support routing? Most enterprise class switches have basic static or RIP routing. You would only need static routing to make it work.
Filip Jenicek (Kerio)

Messages: 968
Karma: 80
Send a private message to this user

Operator can not route packets between network interfaces. It's not a router, but a PBX system.

You said your self that you don't want people to mess with the voice network and yet you need it, so which one is it?

I think you have the following options to configure the Attendant module:
a) Temporarily connect your computer to the voice network.
b) Have one computer in both networks (two NICs).
c) Use Template overrides or make a static configuration file in /var/tftp in Operator.
d) Hack Operator to do the port forwarding, after all it's just a linux system.
e) Get a real router to be able to create more specific rules.


Messages: 2
Karma: 0
Send a private message to this user
So, I have a similar question. I have a small office and we are migrating them from a old analog PBX to Kerio. I know that I can assign a static External (public) IP to my Kerio and a static Internal (192.168.x.x) and use the DHCP to provide option 66 to the phones.

Is it possible to use the firewall in Kerio and provide DHCP and routing for the computers on the network? The Kerio interface seems have no problem connecting out for updates, etc, but traffic from computers connected behind the Kerio Operator are not routing to the external interface.

Is is possible to configure this or must I connect the Kerio to my ISP's router twice (public and private) and use the gateway on the router? Can I still use the DHCP server for all devices inside the network so that I can get option 66 handed out?


Tim Kamps
iTechnologies, LLC
Technology Integration Services

 Distinguished Educator, Class of 2009

MACUL Board President 2009-2010

Messages: 60
Karma: 0
Send a private message to this user

i think what u should do is the following,

only use 1 ethernet port on the kerio,
connect that port to a switch,
connect the router and your whole network to that switch.

disable dhcp in the router.
enable dhcp server in the kerio on the port you used.

i think that should create the situation u are looking for?
Previous Topic: Wrap up Time
Next Topic: Kerio Operator 2.3.0 RC 1
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Dec 09 22:45:05 CET 2018

Total time taken to generate the page: 0.81193 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.