Difference between revisions of "Installing FusionPBX behind pfSense"

Latest revision as of 22:48, 2 April 2014

The principles explained here can also apply to almost any other Firewall.

1. Create Alias Ports in pfSense

• First we need to config pfSense to open the necessary ports for FusionPBX and Freeswitch

• In pfSense navigate to Firewall >> Aliases and click on the Ports TAB.

Name:          PBX
Description:   FusionPBX
Type:          Ports

• Then proceed to add the ports as follows:

Port          Description
80            HTTP
443           HTTPS
5060:5061     SIP Internal
5080:5081     SIP External
16384:32768   RTP

• After you are finished Click SAVE

2. Configure pfSense Port Forwarding

Click on the '+' to add a new Entry

Firewall >> NAT >> Port Forward: Edit

Interface: WAN
Protocol: TCP/UDP
Destination: <<Select a Public IP from the List>>
Destination Port Range:  
                      from: (Other) PBX
                      to:   (Other) PBX

Redirect target IP:    10.10.0.10
Redirect target port:  (Other) PBX

Description: FusionPBX
NAT reflection: Use system default

• Click SAVE when done.

3. Configure FusionPBX

• In FusionPBX

System >> Variables

IP Address Section If you have a static public IP you can replace XX.XX.XX.XX with that IP.

 external_rtp_ip   XX.XX.XX.XX
 external_sip_ip   XX.XX.XX.XX

or if you have a dynamic IP address you can get a Dynamic DNS from a company such as dyndns.org.

 external_rtp_ip   myname.dyndns.org
 external_sip_ip   myname.dyndns.org

Advanced >> SIP Profiles

Edit the Internal Profile and add:

Name:    aggressive-nat-detection
Value:   true
Enabled: True

Now we need to Stop and Start the internal profile for the changes to take effect.

Status >> SIP Status

Stop and Start the Internal Profile.

In most cases this should work fine. I have tested with inbound and outbound calls, calls between extensions, music on hold, call transfers without issues.