voice:pbx:piaf

Differences

This shows you the differences between two versions of the page.

voice:pbx:piaf [2011/11/26 20:26]
gcooper
voice:pbx:piaf [2016/08/18 13:02] (current)
gcooper
Line 15: Line 15:
 [[voice:pbx:piaf_virtual|PBX in a Flash - Virtual Machine]] [[voice:pbx:piaf_virtual|PBX in a Flash - Virtual Machine]]
  
-===== Help =====+===== Resources =====
  
 <file> <file>
 help-pbx help-pbx
 </file> </file>
 +
 +**PBX in a Flash for Newbies**: http://www.cadvision.com/blanchas/Asterisk/index.html
 +
 +**PiaF without Tears**: http://members.optusnet.com.au/bsharif/contributions.htm
 +
 +**Ringdale PBX Administrator's Guide**: http://voicefidelity.com/files/pbx-administrators-guide.pdf
  
 ===== Networking ===== ===== Networking =====
  
-==== Bridged ====+==== Firewall ====
  
-If you choose a Bridged network where an IP comes from your DHCP server, you'll need to add a file: /etc/sysconfig/network-scripts/ifcfg-eth0 +=== Trusted Networks Method ===
-Make it look like this:+
  
-DEVICE=eth0 +This configuration blocks most everything from everywhere, then allows trusted IP subnets.
-BOOTPROTO=dhcp +
-DHCPCLASS= +
-ONBOOT=yes+
  
-In addition, there is a problem with /etc/sysconfig/network. Edit the file using the actual hostname of your machine so that it looks like this:+Edit ''/etc/sysconfig/iptables'':
  
-NETWORKING="yes" +To remove access to dangerous ports, change:
-NETWORKING_IPV6=no +
-HOSTNAME="whateveryourhostnameis"+
  
 +<file>
 +-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 +-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
 +-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 +-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 +-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
 +-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
 +-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT
 +-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
 +-A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT
 +-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
 +-A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT
 +-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT
 +</file>
  
-Then service network restart+to this: 
 + 
 +<file> 
 +#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
 +#-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT 
 +#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
 +#-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT 
 +#-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT 
 +#-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT 
 +#-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT 
 +#-A INPUT -p udp -m udp --dport 4569 -j ACCEPT 
 +#-A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT 
 +#-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT 
 +#-A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT 
 +#-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT 
 +</file> 
 + 
 +To add WhiteList IP addresses for sites from which you need access to the server for admin or phones, find the section of the file that looks like this: 
 + 
 +<file> 
 +-A INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT 
 +-A INPUT -s 172.16.0.0/255.240.0.0 -j ACCEPT 
 +-A INPUT -s 10.0.0.0/255.0.0.0 -j ACCEPT 
 +-A INPUT -s 127.0.0.0/255.0.0.0 -j ACCEPT 
 +</file> 
 + 
 +Add entries just below the existing series that look like this using your actual IP addresses: 
 + 
 +<file> 
 +-A INPUT -s 111.222.111.222 -j ACCEPT 
 +</file> 
 + 
 +=== Checklist === 
 + 
 +  - Be sure you have added a WhiteList entry for the IP address you're using to access your server, or you will lock yourself out! 
 +  - Restart your firewall to load the new settings: 
 +      * ''service iptables restart'' 
 +  - Verify that your new settings are working and are what you expected to see: 
 +      * ''iptables -nL'' 
 +  - Attempt to access your virtual machine's web interface using the browser on your cellphone (assuming it is not in your WhiteList). This will validate that the firewall is working properly by denying you access.
  
 ===== Installation ===== ===== Installation =====
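Review bot: In the Trusted Networks Method section, the example whitelist line `-A INPUT -s 111.222.111.222 -j ACCEPT` accepts every port and protocol from that address, so a remote phone site also gets the TCP ports this same section comments out as dangerous (22, 5038, 9001 and the rest). Suggest showing a narrower form for phone-only sites, for example adding `-p udp -m udp --dport 5000:5082` to the rule, and keeping the unrestricted form for admin addresses only. The section also relies on a rule or policy that rejects unmatched traffic, which these lines do not show; a sentence saying where that rule sits in `/etc/sysconfig/iptables` would let readers confirm that commenting out the ACCEPT lines actually blocks anything. Separately, this revision deletes the Bridged instructions for `ifcfg-eth0` and `/etc/sysconfig/network` without a replacement; if they are still needed, keep them as their own subsection.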
Line 48: Line 101:
 Log in as root: Log in as root:
  
 +<file>
 genzaptelconf genzaptelconf
  
Line 60: Line 114:
  
 passwd-master passwd-master
 +</file>
  
-([[FreePBX]] default login with user 'maint' and password 'password')+FreePBX default login with user 'maint' and password 'password')
  
 Other passwords can be set in your system with these commands: Other passwords can be set in your system with these commands:
  
-passwd... reset your root user password +|''passwd''          |reset your root user password            | 
-passwd-maint... reset your [[FreePBX]] maint password +|''passwd-maint''    |reset your FreePBX maint password                                  
-passwd-wwwadmin... for users needing FOP and MeetMe access +|''passwd-wwwadmin'' |for users needing FOP and MeetMe access  | 
-passwd-meetme... for users needing only MeetMe access +|''passwd-meetme''   |for users needing only MeetMe access     | 
-passwd-[[webmin]]... for users needing [[WebMin]] access to your server (very dangerous!)  +|''passwd-webmin''   |for users needing WebMin access to their server (very dangerous!) |
- +
  
 **E-Mail Message Delivery** **E-Mail Message Delivery**
  
 +<file>
 nano -w /etc/hosts nano -w /etc/hosts
  
 127.0.0.1     pbx.dyndns.org pbx.local pbx localhost.localdomain localhost 127.0.0.1     pbx.dyndns.org pbx.local pbx localhost.localdomain localhost
 +</file>
  
 +<file>
 nano -w /etc/asterisk/vm_general.inc nano -w /etc/asterisk/vm_general.inc
  
 serveremail=voicemail@pbx.dyndns.org serveremail=voicemail@pbx.dyndns.org
 +</file>
  
 +<file>
 service network restart service network restart
 amportal restart amportal restart
  
-echo "[[test]]" | mail -s testmessage yourname@gmail.com+echo "test" | mail -s testmessage yourname@gmail.com
  
-#setup-mail+setup-mail 
 +</file>
  
 **Centos Updates** **Centos Updates**
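Review bot: On the FreePBX default login line, the edit drops the opening parenthesis along with the `[[FreePBX]]` link but keeps the closing one, leaving `password 'password')` unbalanced; restore the `(` or remove the `)`. Since this line documents the default credentials 'maint' / 'password', it would help to say right there that `passwd-maint` should be run before the web interface is reachable from anywhere outside the whitelist. In the new table the `passwd-maint` row has no closing `|` as shown, and `#setup-mail` became `setup-mail` inside the `<file>` block, which turns a commented-out line into a command readers will run after the test mail; confirm that is intended.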
Line 96: Line 155:
 **PiaF Updates** **PiaF Updates**
  
 +<file>
 update-source update-source
- +</file>
-Last changed (in Tomboy): 2011-05-13 +
-Note created (in Tomboy): 2009-10-22+
  
voice/pbx/piaf.1322364378.txt.gz · Last modified: 2011/11/26 20:26 by gcooper