Difference between revisions of "Installing FusionPBX behind pfSense"
From FusionPBX
(→3. Configure FusionPBX) |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | + | The principles explained here can also apply to almost any other Firewall. | |
− | + | == 1. Create Alias Ports in pfSense== | |
− | + | * First we need to config pfSense to open the necessary ports for FusionPBX and Freeswitch | |
− | |||
− | |||
− | + | * In pfSense navigate to '''Firewall >> Aliases''' and click on the Ports TAB. | |
− | ''' | + | '''Name:''' PBX |
− | + | '''Description:''' FusionPBX | |
− | + | '''Type:''' Ports | |
− | |||
− | |||
− | |||
− | + | * Then proceed to add the ports as follows: | |
+ | '''Port''' '''Description''' | ||
+ | 80 HTTP | ||
+ | 443 HTTPS | ||
+ | 5060:5061 SIP Internal | ||
+ | 5080:5081 SIP External | ||
+ | 16384:32768 RTP | ||
− | == Configure Port Forwarding == | + | * After you are finished Click SAVE |
+ | |||
+ | == 2. Configure pfSense Port Forwarding == | ||
Click on the '+' to add a new Entry | Click on the '+' to add a new Entry | ||
− | Firewall | + | '''Firewall >> NAT >> Port Forward:''' Edit |
− | '''Interface:''' WAN | + | '''Interface:''' WAN |
− | '''Protocol:''' TCP/UDP | + | '''Protocol:''' TCP/UDP |
− | '''Destination:''' <<Select a Public IP from the List>> | + | '''Destination:''' <<Select a Public IP from the List>> |
− | '''Destination Port Range:''' | + | '''Destination Port Range:''' |
from: (Other) [[PBX]] | from: (Other) [[PBX]] | ||
to: (Other) [[PBX]] | to: (Other) [[PBX]] | ||
− | '''Redirect target IP:''' 10.10.0.10 | + | '''Redirect target IP:''' 10.10.0.10 |
− | '''Redirect target port:''' | + | '''Redirect target port:''' (Other) PBX |
+ | |||
+ | '''Description:''' FusionPBX | ||
+ | '''NAT reflection:''' Use system default | ||
+ | |||
+ | * Click SAVE when done. | ||
+ | |||
+ | |||
+ | == 3. Configure FusionPBX == | ||
+ | |||
+ | * In FusionPBX | ||
+ | |||
+ | '''System >> Variables''' | ||
+ | |||
+ | '''IP Address Section''' | ||
+ | If you have a static public IP you can replace XX.XX.XX.XX with that IP. | ||
+ | |||
+ | external_rtp_ip XX.XX.XX.XX | ||
+ | external_sip_ip XX.XX.XX.XX | ||
+ | |||
+ | or if you have a dynamic IP address you can get a Dynamic DNS from a company such as dyndns.org. | ||
+ | |||
+ | external_rtp_ip myname.dyndns.org | ||
+ | external_sip_ip myname.dyndns.org | ||
+ | |||
+ | '''Advanced >> SIP Profiles''' | ||
+ | |||
+ | Edit the Internal Profile and add: | ||
+ | |||
+ | '''Name:''' aggressive-nat-detection | ||
+ | '''Value:''' true | ||
+ | '''Enabled:''' True | ||
+ | |||
+ | Now we need to Stop and Start the internal profile for the changes to take effect. | ||
+ | |||
+ | '''Status >> SIP Status''' | ||
− | + | Stop and Start the Internal Profile. | |
− | |||
− | + | In most cases this should work fine. | |
+ | I have tested with inbound and outbound calls, calls between extensions, music on hold, call transfers without issues. |
Latest revision as of 22:48, 2 April 2014
The principles explained here can also apply to almost any other Firewall.
1. Create Alias Ports in pfSense
- First we need to config pfSense to open the necessary ports for FusionPBX and Freeswitch
- In pfSense navigate to Firewall >> Aliases and click on the Ports TAB.
Name: PBX Description: FusionPBX Type: Ports
- Then proceed to add the ports as follows:
Port Description 80 HTTP 443 HTTPS 5060:5061 SIP Internal 5080:5081 SIP External 16384:32768 RTP
- After you are finished Click SAVE
2. Configure pfSense Port Forwarding
Click on the '+' to add a new Entry
Firewall >> NAT >> Port Forward: Edit
Interface: WAN Protocol: TCP/UDP Destination: <<Select a Public IP from the List>> Destination Port Range: from: (Other) PBX to: (Other) PBX
Redirect target IP: 10.10.0.10 Redirect target port: (Other) PBX
Description: FusionPBX NAT reflection: Use system default
- Click SAVE when done.
3. Configure FusionPBX
- In FusionPBX
System >> Variables
IP Address Section If you have a static public IP you can replace XX.XX.XX.XX with that IP.
external_rtp_ip XX.XX.XX.XX external_sip_ip XX.XX.XX.XX
or if you have a dynamic IP address you can get a Dynamic DNS from a company such as dyndns.org.
external_rtp_ip myname.dyndns.org external_sip_ip myname.dyndns.org
Advanced >> SIP Profiles
Edit the Internal Profile and add:
Name: aggressive-nat-detection Value: true Enabled: True
Now we need to Stop and Start the internal profile for the changes to take effect.
Status >> SIP Status
Stop and Start the Internal Profile.
In most cases this should work fine. I have tested with inbound and outbound calls, calls between extensions, music on hold, call transfers without issues.