User Tools
This is an old revision of the document!
Table of Contents
PBX in a Flash (PIAF)
PIAF is an Asterisk-based PBX built on Centos 5.
PIAF in a Virtual Machine
Help
help-pbx
Networking
Firewall
Trusted Networks Method
This configuration blocks most everything from everywhere, then allows trusted IP subnets.
Edit /etc/sysconfig/iptables:
To remove access to dangerous ports, change:
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT -A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT -A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT -A INPUT -p udp -m udp --dport 4569 -j ACCEPT -A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT -A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT
to this:
#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT #-A INPUT -p udp -m udp --dport 4569 -j ACCEPT #-A INPUT -p udp -m udp --dport 5000:5082 -j ACCEPT #-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 4445 -j ACCEPT #-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT
To add WhiteList IP addresses for sites from which you need access to the server for admin or phones, find the section of the file that looks like this:
-A INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT -A INPUT -s 172.16.0.0/255.240.0.0 -j ACCEPT -A INPUT -s 10.0.0.0/255.0.0.0 -j ACCEPT -A INPUT -s 127.0.0.0/255.0.0.0 -j ACCEPT
Add entries just below the existing series that look like this using your actual IP addresses:
-A INPUT -s 111.222.111.222 -j ACCEPT
Summary
- Be sure you have added a WhiteList entry for the IP address you're using to access your server, or you will lock yourself out!
- Restart your firewall to load the new settings:
service iptables restart
- Verify that your new settings are working and are what you expected to see:
iptables -nL
- Attempt to access your virtual machine's web interface using the browser on your cellphone (assuming it is not in your WhiteList). This will validate that the firewall is working properly by denying you access.
Installation
Download and burn the PiaF 1.6 ISO image. It will run on Atom-based (newer) hardware.
Log in as root:
genzaptelconf
netconfig
service network restart
nano -w /etc/asterisk/sip_custom.conf
externip=180.12.12.12 localnet=192.168.1.0/255.255.255.0
passwd-master
(FreePBX default login with user 'maint' and password 'password')
Other passwords can be set in your system with these commands:
passwd… reset your root user password passwd-maint… reset your FreePBX maint password passwd-wwwadmin… for users needing FOP and MeetMe access passwd-meetme… for users needing only MeetMe access passwd-webmin… for users needing WebMin access to your server (very dangerous!)
E-Mail Message Delivery
nano -w /etc/hosts
127.0.0.1 pbx.dyndns.org pbx.local pbx localhost.localdomain localhost
nano -w /etc/asterisk/vm_general.inc
serveremail=voicemail@pbx.dyndns.org
service network restart amportal restart
echo “test” | mail -s testmessage yourname@gmail.com
#setup-mail
Centos Updates
If you update your CentOS configuration, you will need to reinstall it by running update-scripts, then update-fixes, and then install-netconfig.
PiaF Updates
update-source
Last changed (in Tomboy): 2011-05-13 Note created (in Tomboy): 2009-10-22
