====== PBX in a Flash (PIAF) ====== PIAF is an Asterisk-based PBX built on Centos 5. http://www.pbxinaflash.com/ http://knol.google.com/k/pbx-in-a-flash http://pbxinaflash.com/wiki http://pbxinaflash.com/forum ===== PIAF in a Virtual Machine ===== [[voice:pbx:piaf_virtual|PBX in a Flash - Virtual Machine]] ===== Resources ===== help-pbx **PBX in a Flash for Newbies**: http://www.cadvision.com/blanchas/Asterisk/index.html **PiaF without Tears**: http://members.optusnet.com.au/bsharif/contributions.htm **Ringdale PBX Administrator's Guide**: http://voicefidelity.com/files/pbx-administrators-guide.pdf ===== Networking ===== ==== Firewall ==== === Trusted Networks Method === This configuration blocks most everything from everywhere, then allows trusted IP subnets. Edit ''/etc/sysconfig/iptables'': To remove access to dangerous ports, change: -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT -A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT -A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT -A INPUT -p udp -m udp --dport 4569 -j ACCEPT -A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT -A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT to this: #-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT #-A INPUT -p udp -m udp --dport 4569 -j ACCEPT #-A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT #-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT To add WhiteList IP addresses for sites from which you need access to the server for admin or phones, find the section of the file that looks like this: -A INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT -A INPUT -s 172.16.0.0/255.240.0.0 -j ACCEPT -A INPUT -s 10.0.0.0/255.0.0.0 -j ACCEPT -A INPUT -s 127.0.0.0/255.0.0.0 -j ACCEPT Add entries just below the existing series that look like this using your actual IP addresses: -A INPUT -s 111.222.111.222 -j ACCEPT === Checklist === - Be sure you have added a WhiteList entry for the IP address you're using to access your server, or you will lock yourself out! - Restart your firewall to load the new settings: * ''service iptables restart'' - Verify that your new settings are working and are what you expected to see: * ''iptables -nL'' - Attempt to access your virtual machine's web interface using the browser on your cellphone (assuming it is not in your WhiteList). This will validate that the firewall is working properly by denying you access. ===== Installation ===== Download and burn the PiaF 1.6 ISO image. It will run on Atom-based (newer) hardware. Log in as root: genzaptelconf netconfig service network restart nano -w /etc/asterisk/sip_custom.conf externip=180.12.12.12 localnet=192.168.1.0/255.255.255.0 passwd-master FreePBX default login with user 'maint' and password 'password') Other passwords can be set in your system with these commands: |''passwd'' |reset your root user password | |''passwd-maint'' |reset your FreePBX maint password | |''passwd-wwwadmin'' |for users needing FOP and MeetMe access | |''passwd-meetme'' |for users needing only MeetMe access | |''passwd-webmin'' |for users needing WebMin access to their server (very dangerous!) | **E-Mail Message Delivery** nano -w /etc/hosts 127.0.0.1 pbx.dyndns.org pbx.local pbx localhost.localdomain localhost nano -w /etc/asterisk/vm_general.inc serveremail=voicemail@pbx.dyndns.org service network restart amportal restart echo "test" | mail -s testmessage yourname@gmail.com setup-mail **Centos Updates** If you update your CentOS configuration, you will need to reinstall it by running update-scripts, then update-fixes, and then install-netconfig. **PiaF Updates** update-source