Difference between revisions of "Installing FusionPBX behind pfSense"

From FusionPBX
Jump to: navigation, search
Line 1: Line 1:
First we need to config pfSense to open the necessary ports for FusionPBX and Freeswitch
+
The principles explained here can also apply to almost any other Firewall.
  
In pfSense navigate to '''Firewall >> Aliases''' and click on the Ports TAB.
+
== 1. Create Alias Ports in pfSense==
  
'''Name:''' PBX/n
+
* First we need to config pfSense to open the necessary ports for FusionPBX and Freeswitch
'''Description:''' FusionPBX
 
'''Type:''' Ports
 
  
Then proceed to add the ports as follows:
+
* In pfSense navigate to '''Firewall >> Aliases''' and click on the Ports TAB.
  
'''Port      Description'''
+
'''Name:'''         PBX
80            HTTP
+
'''Description:'''  FusionPBX
443          HTTPS
+
'''Type:'''          Ports
5060:5061    SIP Internal
 
5080:5081    SIP External
 
16384:32768  RTP
 
  
After you are finished Click SAVE
+
* Then proceed to add the ports as follows:
  
 +
'''Port'''          '''Description'''
 +
80            HTTP
 +
443          HTTPS
 +
5060:5061    SIP Internal
 +
5080:5081    SIP External
 +
16384:32768  RTP
  
== Configure Port Forwarding ==
+
* After you are finished Click SAVE
 +
 
 +
== 2. Configure pfSense Port Forwarding ==
  
 
Click on the '+' to add a new Entry
 
Click on the '+' to add a new Entry
  
Firewall: NAT: Port Forward: Edit
+
'''Firewall >> NAT >> Port Forward:''' Edit
  
'''Interface:''' WAN
+
'''Interface:''' WAN
'''Protocol:''' TCP/UDP
+
'''Protocol:''' TCP/UDP
'''Destination:''' <<Select a Public IP from the List>>
+
'''Destination:''' <<Select a Public IP from the List>>
'''Destination Port Range:'''   
+
'''Destination Port Range:'''   
 
                       from: (Other) [[PBX]]
 
                       from: (Other) [[PBX]]
 
                       to:  (Other) [[PBX]]
 
                       to:  (Other) [[PBX]]
  
'''Redirect target IP:'''    10.10.0.10
+
'''Redirect target IP:'''    10.10.0.10
'''Redirect target port:'''   (Other) PBX
+
'''Redirect target port:''' (Other) PBX
 +
 
 +
'''Description:''' FusionPBX
 +
'''NAT reflection:''' Use system default
 +
 
 +
* Click SAVE when done.
 +
 
 +
 
 +
== 3. Configure FusionPBX ==
 +
 
 +
* In FusionPBX
 +
 
 +
'''System >> Variables'''
 +
 
 +
'''IP Address'''
 +
 
 +
  external_rtp_ip      XX.XX.XX.XX
 +
  external_sip_ip      XX.XX.XX.XX
 +
 
 +
'''Advanced >> SIP Profiles'''
 +
 
 +
Edit the Internal Profile and add:
  
'''Description:''' FusionPBX
+
'''Name:'''   aggressive-nat-detection
'''NAT reflection:''' Use system default
+
'''Value:'''   true
 +
'''Enabled:''' True
  
Click SAVE when done.
+
In most cases this should work fine. 
 +
I have tested with inbound and outbound calls, calls between extensions, music on hold, call transfers without issues.

Revision as of 22:38, 2 April 2014

The principles explained here can also apply to almost any other Firewall.

1. Create Alias Ports in pfSense

  • First we need to config pfSense to open the necessary ports for FusionPBX and Freeswitch
  • In pfSense navigate to Firewall >> Aliases and click on the Ports TAB.
Name:          PBX
Description:   FusionPBX
Type:          Ports
  • Then proceed to add the ports as follows:
Port          Description
80            HTTP
443           HTTPS
5060:5061     SIP Internal
5080:5081     SIP External
16384:32768   RTP
  • After you are finished Click SAVE

2. Configure pfSense Port Forwarding

Click on the '+' to add a new Entry

Firewall >> NAT >> Port Forward: Edit

Interface: WAN
Protocol: TCP/UDP
Destination: <<Select a Public IP from the List>>
Destination Port Range:  
                      from: (Other) PBX
                      to:   (Other) PBX
Redirect target IP:    10.10.0.10
Redirect target port:  (Other) PBX
Description: FusionPBX
NAT reflection: Use system default
  • Click SAVE when done.


3. Configure FusionPBX

  • In FusionPBX

System >> Variables

IP Address

 external_rtp_ip       XX.XX.XX.XX
 external_sip_ip       XX.XX.XX.XX

Advanced >> SIP Profiles

Edit the Internal Profile and add:

Name:    aggressive-nat-detection
Value:   true
Enabled: True

In most cases this should work fine. I have tested with inbound and outbound calls, calls between extensions, music on hold, call transfers without issues.