
I am having issues forwarding port 5060 in my firewall/router to a FreeSWITCH server.

Our firewall/router is a Ubiquiti EdgeRouter X. The server's local IP is 10.0.0.216, the router's 10.0.0.1. Moreover, we have some other PCs in the network, let's say 10.0.0.10 etc.

Our public IP address is, let's say 1.3.1.2 for example. The hostname example.com points to 1.3.1.2.

All traffic on port 5060 using tcp disappears entirely, while udp is working:

10.0.0.216 $ sudo netcat -l 5060
...
10.0.0.10 $ netcat 10.0.0.216 5060 # same using example.com instead of IP
test # does not appear at our destination host
...
10.0.0.216 $ netcat 10.0.0.216 5060 # even on local machine
test # does not appear in the other netcat


### Same for all other devices

10.0.0.10 $ sudo netcat -l 5060 # or even on any other machine in the network
...
10.0.0.10 $ netcat 10.0.0.216 5060
test # does not appear in the other netcat

### When using any other port

10.0.0.216 $ sudo netcat -l 5061 # for any other port it's working
...
external-device $ netcat example.com 5061
test # perfectly appears on our destination host

Even more confusing: even a local netcat on port localhost 5060 does not work, independent of the host. It is neither working locally on 10.0.0.216 nor on 10.0.0.10 (or any other local device). iptables -F does not contain anything aka is disabled, as is ufw...

✗ sudo iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.18.0.0/16        0.0.0.0/0           
MASQUERADE  all  --  10.7.7.0/24          0.0.0.0/0           
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
MASQUERADE  tcp  --  172.18.0.2           172.18.0.2           tcp dpt:80
MASQUERADE  tcp  --  10.7.7.10            10.7.7.10            tcp dpt:3008

Chain DOCKER (2 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
DNAT       tcp  --  0.0.0.0/0            10.7.7.1             tcp dpt:5000 to:172.18.0.2:80
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:3008 to:10.7.7.10:3008

✗ sudo iptables -L -n       
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  0.0.0.0/0            0.0.0.0/0           
DOCKER-ISOLATION-STAGE-1  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (3 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            172.18.0.2           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            10.7.7.10            tcp dpt:3008

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  0.0.0.0/0            0.0.0.0/0           
DOCKER-ISOLATION-STAGE-2  all  --  0.0.0.0/0            0.0.0.0/0           
DOCKER-ISOLATION-STAGE-2  all  --  0.0.0.0/0            0.0.0.0/0           
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
target     prot opt source               destination         
DROP       all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0           
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

✗ sudo tcpdump -iany -vvn -s0 port 5060
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
06:25:50.779745 IP (tos 0x0, ttl 64, id 16067, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.0.10.53806 > 10.0.0.216.5060: Flags [S], cksum 0xa89c (correct), seq 156110932, win 64240, options [mss 1460,sackOK,TS val 1675345422 ecr 0,nop,wscale 7], length 0

...

$ netcat 10.0.0.216 -v 5060
10.0.0.216 5060 (sip): Connection refused

If using any other port instead of 5060, e.g. 5061, all localhost netcats, internal network netcats and external netcats work.

How can this happen? How do I make port 5060 work in my network?

  • The fact that it doesn't appear to even work on the local host suggests something in the host itself and not any other device or network element. I'd start by verifying iptables is really disabled (`iptables -L -n`) _at the time of testing_ (yes, I realize you stated it was disabled, but it wouldn't hurt to double-check). Then look for some weird and obscure routing rules on the server. Finally, some packet captures (for example: `tcpdump -iany -vvn -s0 port 5060`) while testing might prove to be somewhat enlightening. – Brandon Xavier Mar 08 '21 at 08:07
  • Also, don't forget to check for NAT (`iptables -t nat -L -n`) – Brandon Xavier Mar 08 '21 at 08:18
  • iptables does not have any suspicious output. I anyway attached it. According to tcpdump, packages are received but do not get processed properly. – TheOneWithTheBraid Mar 09 '21 at 06:31
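The netcat tests in the question and the `Connection refused` line are the two pieces of evidence a reader has to interpret. The script below is an added example, not code from the question or its commenters: it reproduces the same local test programmatically on a throwaway listener and separates the three outcomes a TCP probe can have, since a refusal (RST) and silence (no answer) point at different causes. The listener address 127.0.0.1, the use of an ephemeral port, and the `/proc/net/tcp` parsing (Linux only, the same information `ss -ltn` shows) are assumptions of the example.

```python
"""Classify how a TCP port answers a connect, the way the netcat tests do.

Added example (not from the original question). Outcomes:
  'open'    -> three-way handshake completed; something is bound and accepting.
  'refused' -> the SYN was answered with RST: nothing is bound on that
               address/port, or a firewall REJECT rule with tcp-reset.
  'timeout' -> no answer at all: typically a DROP rule, or a routing/NAT
               problem between the client and the host.
"""
import os
import socket


def probe_tcp(host, port, timeout=2.0):
    """Attempt a TCP connect and return 'open', 'refused' or 'timeout'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    finally:
        s.close()


def start_listener(host="127.0.0.1", port=0):
    """Bind and listen; port=0 lets the kernel pick a free port.
    Returns (socket, port). Keep the socket referenced so it stays open."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def free_port(host="127.0.0.1"):
    """Find a port nothing is listening on (bind to 0, read it back, close)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def listeners_on_port(port):
    """List local IPv4 addresses in LISTEN state on `port`, read from
    /proc/net/tcp (Linux only; returns [] elsewhere). This is the check
    behind `ss -ltn`: it tells you whether a server process is bound at all,
    and on which address, before blaming the firewall."""
    path = "/proc/net/tcp"
    if not os.path.exists(path):
        return []
    found = []
    with open(path) as fh:
        next(fh)  # skip header line
        for line in fh:
            fields = line.split()
            local, state = fields[1], fields[3]
            ip_hex, port_hex = local.split(":")
            if state != "0A" or int(port_hex, 16) != port:  # 0A == LISTEN
                continue
            # /proc stores the IPv4 address as little-endian hex
            found.append(socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1]))
    return found


def diagnose(host, port):
    """Combine the two checks into one report dict."""
    return {"probe": probe_tcp(host, port), "listeners": listeners_on_port(port)}


if __name__ == "__main__":
    srv, p = start_listener()
    print("with listener   :", diagnose("127.0.0.1", p))
    srv.close()
    q = free_port()
    print("without listener:", diagnose("127.0.0.1", q))
```

Run against the real host, a `refused` result while `listeners_on_port(5060)` is empty means the listener never bound (or bound elsewhere), whereas `refused` with a listener present points at a REJECT-style rule or a different address family; `timeout` means the packets are being dropped or never reach the host, which is where the tcpdump capture from the comments becomes useful.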
