For Trixbox to communicate successfully with a VOIP provider using SIP through a NAT, you have to make sure your router/firewall forwards the following ports to your LAN/Private IP address assigned to the Trixbox server.
Be sure the LAN/Private address is statically assigned to the Trixbox server and it is not assigned dynamically via DHCP.
UDP Port 5060 is for SIP communication. This is only used for setting up calls, taking down calls and so on.
UDP Port 5060-5082 range is also for SIP communications. Some phones (ie. Grandstream GXP-2000) don't use the same SIP port for each subsequent line (line 1 registers with 5060, line 2 5062, line 3 5064 and line 4 5066)
TCP Port 5060 is for SIP but thought to be rarely used.
UDP Port 10000 - 20000 is for RTP - the media stream aka the voice/video channel.
You also need to edit the sip_nat.conf file.
Inside of Free PBX, Select Config Edit sip_nat.conf. Inside of sip_nat.conf add the following and click "Update":
externip = 1.2.3.4 (enter your permanent WAN/Public internet address here. Or you if you have one, you can use a DynamicDNS domain name. Obviously it's easier to get a static IP address and avoid using DynamicDNS altogether.)
If you are using a dynamic dns domain name, you should rather use:
externhost = home.mydomain.com
externrefresh = 5 (which means lookup hostname every 5 minutes to refresh ip adress)
localnet = internal.network.address.0/255.255.255.0 (put your LAN/Private NETWORK address of your Trixbox server, this is NOT the IP address of the server!!!!)
Check etc/hosts file: most standard instructions ask you to put the same name as you gave the Trixbox server in the hosts file under the address 127.0.0.1
ie. 127.0.0.1 localhost asterisk.localhost mytrixbox.mytrixbox.com (name of your server)
To make it really secure (some routers/firewalls may not be able to do this), try to configure the router/firewall to ONLY forward those ports from the VOIP SIP provider IP address or DNS name.
This way only your VOIP SIP provider traffic gets forwarded to your NATed Trixbox server. HOWEVER, if you want to have remote phones floating around on the internet (example: Your sales person has a SoftPhone that he uses to make calls and check his voicemail from hotels, other companies, hotspots, etc.) do not do this!! You will obviously cut off any remote phone from being able to speak to your asterisk server.