PBX in a Flash (PIAF)

PIAF in a Virtual Machine

Resources

Networking

Firewall

Trusted Networks Method

This configuration blocks nearly all inbound traffic from every source, then allows only trusted IP subnets.

Edit /etc/sysconfig/iptables:

To remove access to dangerous ports, change:

-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT
-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT

to this:

#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT
#-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
#-A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT
#-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT

To add WhiteList IP addresses for sites from which you need access to the server for admin or phones, find the section of the file that looks like this:

-A INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT
-A INPUT -s 172.16.0.0/255.240.0.0 -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -j ACCEPT
-A INPUT -s 127.0.0.0/255.0.0.0 -j ACCEPT

Add entries just below the existing series that look like this using your actual IP addresses:

-A INPUT -s 111.222.111.222 -j ACCEPT

Checklist

  1. Be sure you have added a WhiteList entry for the IP address you're using to access your server, or you will lock yourself out!
  2. Restart your firewall to load the new settings:
    • service iptables restart
  3. Verify that your new settings are working and are what you expected to see:
    • iptables -nL
  4. Attempt to access your virtual machine's web interface using the browser on your cellphone (assuming it is not in your WhiteList). This will validate that the firewall is working properly by denying you access.
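A pre-flight check for step 1 of the checklist, as an added example that is not part of the original page: it reads rules in the /etc/sysconfig/iptables format shown above and reports whether your admin IP is covered by a source-based ACCEPT rule and which ports are still open to everyone. The function name `audit`, the sample rules and the address 203.0.113.7 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of /etc/sysconfig/iptables after the edits
# above; the 4569 rule is left uncommented on purpose to show detection.
SAMPLE_RULES = """\
#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -j ACCEPT
-A INPUT -s 127.0.0.0/255.0.0.0 -j ACCEPT
-A INPUT -s 111.222.111.222 -j ACCEPT
"""

SRC_ACCEPT = re.compile(r"^-A INPUT -s (\S+) -j ACCEPT$")
# An ACCEPT on a destination port with no -s restriction is open to any source.
OPEN_PORT = re.compile(r"^-A INPUT\b(?!.*\s-s\s).*--dport (\S+).*-j ACCEPT$")


def audit(rules_text, admin_ip):
    """Return (trusted_match, open_ports) for the active (uncommented) rules."""
    admin = ipaddress.ip_address(admin_ip)
    trusted_match, open_ports = None, []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # commented-out rules are not loaded by iptables
        m = SRC_ACCEPT.match(line)
        if m:
            # ip_network accepts 10.0.0.0/255.0.0.0 as well as a bare host address
            net = ipaddress.ip_network(m.group(1), strict=False)
            if trusted_match is None and admin in net:
                trusted_match = str(net)
            continue
        m = OPEN_PORT.match(line)
        if m:
            open_ports.append(m.group(1))
    return trusted_match, open_ports


if __name__ == "__main__":
    match, ports = audit(SAMPLE_RULES, "203.0.113.7")  # constructed admin address
    print("admin IP covered by:", match or "NOTHING (restart would lock you out)")
    print("ports still open to everyone:", ports or "none")
```

To check the real file, pass `open("/etc/sysconfig/iptables").read()` and the address you connect from before running `service iptables restart`.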

Installation

Download and burn the PiaF 1.6 ISO image. It will run on Atom-based (newer) hardware.

Log in as root:

genzaptelconf

netconfig

service network restart

nano -w /etc/asterisk/sip_custom.conf

externip=180.12.12.12
localnet=192.168.1.0/255.255.255.0

passwd-master

The FreePBX default login is user 'maint' with password 'password'.

Other passwords can be set in your system with these commands:

passwd            reset your root user password
passwd-maint      reset your FreePBX maint password
passwd-wwwadmin   for users needing FOP and MeetMe access
passwd-meetme     for users needing only MeetMe access
passwd-webmin     for users needing WebMin access to their server (very dangerous!)

E-Mail Message Delivery

nano -w /etc/hosts

127.0.0.1     pbx.dyndns.org pbx.local pbx localhost.localdomain localhost

nano -w /etc/asterisk/vm_general.inc

serveremail=voicemail@pbx.dyndns.org

service network restart
amportal restart

echo "test" | mail -s testmessage yourname@gmail.com

setup-mail

CentOS Updates

If you update your CentOS configuration, you will need to reinstall it by running update-scripts, then update-fixes, and then install-netconfig.

PiaF Updates

update-source
voice/pbx/piaf.txt · Last modified: 2016/08/18 13:02 by gcooper