simple firewall rules for VOIP phones call testing made through VOIP telephony system
I want to test the VOIP Telephony system installed in a IP PBX server behind a NAT router. This NAT router connects to a modem (with NAT as well), and then the modem (with static public IP assigned by the ISP, e.g. 18.104.22.168) directly connects to the Internet. There are several IP phones connect to the IP PBX server. The NAT router is configured as DHCP, and as a gateway (e.g. 192.168.3.1) also for the LAN (the NAT router, the IP PBX server and the IP phones consist this LAN). The IP PBX server and the IP phones all connect to the ports of the NAT router, and are with static local IP addresses (e.g. 192.168.3.10, 192.168.3.11, 192.168.3.12, 192.168.3.13 etc). This is the setup of the VOIP telephony system.
I want to make inbound and outbound VOIP phone calls to test the VOIP telephony system. For security, I need to setup the firewall in the IP PBX server (192.168.3.10). But to make it simple as a start (and make it more and more complicated when the simple one works), I plan to just add very simple rules to accept all the incoming and outgoing traffics between Internet and the IP PBX server (192.168.3.10), and forward all the traffic from this IP PBX server (192.168.3.10) to the IP phones (192.168.3.11, 192.168.3.12, 192.168.3.13). The purpose to make the firewall in the IP PBX server as simple as possible is to avoid the possibility that the inappropriate configuration of the IP PBX server firewall lead to the VOIP phone calls failed (there are other reasons could make the VOIP phone calls failed also, e.g. the inappropriate configuration of IP PBX server and the inappropriate of IP phones ......), then I can narrow down the root cause to make the VOIP phone calls failed.
Below is the simple firewall I want to setup in the IP PBX server, i.e. accept and incoming and outgoing traffics, and forward all traffics to IP phones, without specifying any source and destination IP addresses and ports. It is much appreciated if you can help to verify whether this simple firewall rules are ok for my purpose.
# Wipe the tables clean
# INPUT SIDE
iptables -A INPUT -j ACCEPT
# Output side
iptables -A OUTPUT -j ACCEPT
# FORWARD SIDE
iptables -A FORWARD -j ACCEPT