Build a FreePBX Distro Virtual Machine

Warnings

:!: CAUTION! This document assumes your PBX is behind a firewall and not exposed directly to the Internet.

:!: Be VERY careful exposing your PBX to the outside world. Otherwise, YOU WILL BE HACKED and it can be VERY expensive! Evildoers are constantly looking for loose security settings on PBXs (and anything else).

:!: NEVER use trivial passwords for anything! Even internally. Otherwise, YOU WILL BE HACKED and it can be VERY expensive!

Updating

See also FreePBX Upgrade

XenServer

Create the PBX VM

Create a new PVHVM using the Other Install Media template and the 64-bit FreePBX Distro .iso file.

:!: The FreePBX Distro supports PVOPS and will install para-virtualized drivers automatically.

:!: Most PBXs need even less disk space than is listed here.

The following are estimates only. Sizing is easy to adjust later on virtualization platforms.

PBX Size | RAM    | vCPUs | Disk Size | Anticipated Simultaneous Calls | Notes
Small    | 768MB  | 1     | 15GB      | 3-7                            | Perfect for small offices
Medium   | 1024MB | 2     | 25GB      | 5-10                           | Minimum for iSymphony
Large    | 1536MB | 4     | 40GB      | 8-20+                          | More than most small offices need

Install XenServer Tools

After creating the PBX VM and installing the FreePBX Distro SNG7:

  1. In XenCenter, choose VM → Install XenServer Tools
  2. Install the tools at the VM CLI:
mkdir -p /mnt/tmp && mount /dev/sr0 /mnt/tmp
yum localinstall /mnt/tmp/Linux/xe-guest-utilities-*.x86_64.rpm
yum localinstall /mnt/tmp/Linux/xe-guest-utilities-xenstore-*.x86_64.rpm
reboot

Install FreePBX Distro

:!: The 32-bit version uses fewer resources than the 64-bit version.

After creating the VM with the Other Install Media template, boot your new VM to the FreePBX Distro .iso file.

Choose Full Install - No RAID.

Choose DHCP for networking if you are building a template.

:!: If you don't need IPv6, you can disable it during install.

Networking

:!: You may need to do this before updating.

Set the networking to DHCP mode so new VMs don't step on others once instantiated:

sed -i '/^\(HWADDR\|UUID\|BOOTPROTO\|IPADDR\|NETMASK\|NM_CONTROLLED\|ONBOOT\)=/d' /etc/sysconfig/network-scripts/ifcfg-eth[012]
echo -e "BOOTPROTO=dhcp\nNM_CONTROLLED=no\nONBOOT=yes" >> /etc/sysconfig/network-scripts/ifcfg-eth0

service network restart

DHCP Server

:!: This step is optional. Skip this unless you know you need a DHCP server on your PBX. Modify to suit your needs.

:!: We generally install the package and a sample configuration file, but we don't start the services.

Install and configure the DHCP server:

yum install dhcp

vim /etc/dhcp/dhcpd.conf
option domain-name "yourdomain.local";
option domain-name-servers 8.8.8.8, 8.8.4.4;
option vlan-id code 132 = text;
default-lease-time 14400;
max-lease-time 28800;
ddns-update-style interim;
ignore client-updates;
log-facility local7;
authoritative;

subnet 192.168.56.0 netmask 255.255.255.0 {
     range dynamic-bootp         192.168.56.65 192.168.56.199;
     option subnet-mask          255.255.255.0;
     option routers              192.168.56.1;
     option domain-name          "yourdomain.local";
     option domain-name-servers  192.168.56.30, 8.8.8.8;
     option time-offset          -25200;    # Mountain Standard Time
     option ntp-servers          192.168.56.1;
     option tftp-server-name     "192.168.56.30";
     if substring(hardware, 1, 3) = 00:0B:82 {           # for Grandstream phones
         option vlan-id           "201";
     } else if substring(hardware, 1, 3) = 00:08:5D {    # for Aastra phones
         option vlan-id           "201";
     } else if substring(hardware, 1, 3) = 00:0E:08 {    # for Linksys phones
         option vlan-id           "201";
     } else if substring(hardware, 1, 3) = 00:15:65 {    # yealink
         option vlan-id           "201";
     } else if substring(hardware, 1, 3) = 00:04:f2 {    # polycom
         option vlan-id           "201";
     }
}

Start the services:

service dhcpd start
tail -30 /var/log/messages
chkconfig dhcpd on

Firewall

See PBX Security

:!: The FreePBX Distro is wide open at installation and has Fail2Ban installed. If your FreePBX is behind a hardware firewall, this is acceptable. But it's like leaving your front door unlocked and locking your front gate at home.

External Firewall

:!: Only open the firewall or forward the ports that are absolutely necessary.

:!: If you don't have any remote extensions, don't open the SIP ports (UDP) 5060-5061.

:!: If you are using SIP trunks, and you sometimes get one-way audio, you may have to open or forward RTP ports (UDP) 10000-20000.

:!: If using IAX for trunks or extensions, you may have to open or forward (UDP) port 4569.

Assuming your PBX is behind a NAT firewall of some sort, forward the required UDP ports to the PBX (Mikrotik example shown; trim the dst-port list to the ports you actually need, per the notes above):

/ip firewall nat add action=dst-nat chain=dstnat comment="Forward UDP ports to PBX" \
dst-port=5060-5061,10000-20000,4569 in-interface=ether1 protocol=udp to-addresses=<PBX_IP>

PBX Internal Firewall

:!: This is not intended to show the perfect firewall. Adjust to your needs.

This command shows what ports your PBX is using:

netstat -tuapn

Create or modify the built-in iptables firewall:

vi /etc/sysconfig/iptables

Make it look something like this (add lines between ACCEPT and REJECT lines):

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 58080 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 10000:20000 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 4569 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 67:69 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

:!: You can limit access by source address by adding -s xxx.xxx.xxx.xxx/nn to an accept rule. This is advised for SIP on ports 5060 and 5061.
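To check a ruleset against the advice above, the following added example (not part of the original page) lists INPUT ACCEPT rules that open the SIP ports without a -s restriction. The function names, the sample ruleset and the 203.0.113.0/24 source range are constructed for illustration; only plain --dport matches, as used on this page, are parsed.

```sh
#!/bin/sh
# Added example: audit an iptables-save style ruleset for ACCEPT rules on
# watched ports (default: SIP 5060 and 5061) that carry no source restriction.

# Constructed sample based on the page's ruleset, with one SIP rule already
# limited to a hypothetical trunk provider range (documentation address space).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -m state --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5060:5061 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 10000:20000 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 4569 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Reads rules on stdin. Optional $1: space-separated list of ports to watch.
# Prints every INPUT ACCEPT rule whose --dport (single port or lo:hi range)
# covers a watched port and that has no -s/--source match.
unrestricted_voip_rules() {
    awk -v watch="${1:-5060 5061}" '
    BEGIN { n = split(watch, w, " ") }
    $1 == "-A" && $2 == "INPUT" {
        src = 0; accept = 0; lo = hi = -1
        for (i = 3; i <= NF; i++) {
            if ($i == "-s" || $i == "--source") src = 1
            if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            if ($i == "--dport") {
                split($(i+1), r, ":")
                lo = r[1] + 0
                hi = (r[2] == "") ? lo : r[2] + 0
            }
        }
        if (!accept || src || lo < 0) next
        for (k = 1; k <= n; k++)
            if (w[k] + 0 >= lo && w[k] + 0 <= hi) { print; next }
    }'
}

# Run against the constructed sample; on a PBX use:
#   unrestricted_voip_rules < /etc/sysconfig/iptables
sample_rules | unrestricted_voip_rules
```

Pass a different port list as the first argument, for example `'5060 5061 4569'`, to include IAX in the check.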

Sending E-Mail

Configuration First Steps

http://wiki.freepbx.org/display/FPG/First+Steps+After+Installation

FreePBX → Settings → Advanced Settings → Asterisk Manager → Asterisk Manager Password

chkconfig iSymphonyServerV3 off
chkconfig apcupsd off
chkconfig --list

Prosody IM (XMPP) Server

:!: The Prosody IM server is installed by default but requires manual configuration or the purchase of the XMPP Pro commercial module.

http://schmoozecom.com/freepbx/xmpp.php

http://wiki.freepbx.org/display/FCM/XMPP+Chat+Management

http://prosody.im/doc/configure

voice/pbx/freepbx/freepbx_distro_vm.txt · Last modified: 2018/06/03 10:54 by gcooper