What Are You Doing Right Now
-
@jaredbusch said in What Are You Doing Right Now:
@minion-queen said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
Heading towards 90 today. Just kicked on the AC.
Stuff it. It's snowing... again
Welcome to my yesterday..
mine too. I am so over this!
-
Looking up what I open on my firewall for FreePBX.
-
@eddiejennings said in What Are You Doing Right Now:
Looking up what I open on my firewall for FreePBX.
Umm nothing?
-
@jaredbusch said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
Looking up what I open on my firewall for FreePBX.
Umm nothing?
Methinks VyOS is going to have fun dropping traffic unless I allow some inbound connections to my PBX
-
I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.
-
@eddiejennings said in What Are You Doing Right Now:
I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.
My point was why are you needing to open something INBOUND
-
@jaredbusch said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.
My point was why are you needing to open something INBOUND
The IP phone at my home will need to grab a configuration over the Internet. Also, it will send traffic outbound (inbound to the PBX) to register the extension, will it not?
-
@eddiejennings said in What Are You Doing Right Now:
@jaredbusch said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.
My point was why are you needing to open something INBOUND
The IP phone at my home will need to grab a configuration over the Internet. Also, it will send traffic outbound (inbound to the PBX) to register the extension, will it not?
Then you need 443, 5061, and some range of ports for RTP.
Obviously 443 should hit your reverse proxy. The rest are straight to your PBX.
For the RTP ports, I suggest setting a small range in your phone's config to force it to use a known set of port and then only forward those to reduce the exposure.
-
The PBX itself does not needs SSL installed (self signed is already there).
-
@jaredbusch said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
@jaredbusch said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.
My point was why are you needing to open something INBOUND
The IP phone at my home will need to grab a configuration over the Internet. Also, it will send traffic outbound (inbound to the PBX) to register the extension, will it not?
Then you need 443, 5061, and some range of ports for RTP.
Obviously 443 should hit your reverse proxy. The rest are straight to your PBX.
For the RTP ports, I suggest setting a small range in your phone's config to force it to use a known set of port and then only forward those to reduce the exposure.
That was the plan. I like the idea of reducing the range of ports for RTP.
-
@eddiejennings said in What Are You Doing Right Now:
@jaredbusch said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
@jaredbusch said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.
My point was why are you needing to open something INBOUND
The IP phone at my home will need to grab a configuration over the Internet. Also, it will send traffic outbound (inbound to the PBX) to register the extension, will it not?
Then you need 443, 5061, and some range of ports for RTP.
Obviously 443 should hit your reverse proxy. The rest are straight to your PBX.
For the RTP ports, I suggest setting a small range in your phone's config to force it to use a known set of port and then only forward those to reduce the exposure.
That was the plan. I like the idea of reducing the range of ports for RTP.
Note, I said 5061 and not 5060. That is the TLS port for PJSIP.
You don't' want your phone sending its login over clear text do you?
-
@jaredbusch said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
@jaredbusch said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
@jaredbusch said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.
My point was why are you needing to open something INBOUND
The IP phone at my home will need to grab a configuration over the Internet. Also, it will send traffic outbound (inbound to the PBX) to register the extension, will it not?
Then you need 443, 5061, and some range of ports for RTP.
Obviously 443 should hit your reverse proxy. The rest are straight to your PBX.
For the RTP ports, I suggest setting a small range in your phone's config to force it to use a known set of port and then only forward those to reduce the exposure.
That was the plan. I like the idea of reducing the range of ports for RTP.
Note, I said 5061 and not 5060. That is the TLS port for PJSIP.
You don't' want your phone sending it's login over clear text do you?
I do not, another good idea. On that note, will Yealink phones gripe about the fact that the PBX is presenting a self-signed cert?
-
@eddiejennings said in What Are You Doing Right Now:
@jaredbusch said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
@jaredbusch said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
@jaredbusch said in What Are You Doing Right Now:
@eddiejennings said in What Are You Doing Right Now:
I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.
My point was why are you needing to open something INBOUND
The IP phone at my home will need to grab a configuration over the Internet. Also, it will send traffic outbound (inbound to the PBX) to register the extension, will it not?
Then you need 443, 5061, and some range of ports for RTP.
Obviously 443 should hit your reverse proxy. The rest are straight to your PBX.
For the RTP ports, I suggest setting a small range in your phone's config to force it to use a known set of port and then only forward those to reduce the exposure.
That was the plan. I like the idea of reducing the range of ports for RTP.
Note, I said 5061 and not 5060. That is the TLS port for PJSIP.
You don't' want your phone sending it's login over clear text do you?
I do not, another good idea. On that note, will Yealink phones gripe about the fact that the PBX is presenting a self-signed cert?
No.
-
Signing up as a new user & typing this!
-
Headed to Syracuse office today to install network gear
-
Good morning!
-
An observation: I don't know how folks effectively tested stuff before there were VMs. It's so nice to make a change, and if something breaks, apply a snapshot.
-
@eddiejennings said in What Are You Doing Right Now:
An observation: I don't know how folks effectively tested stuff before there were VMs. It's so nice to make a change, and if something breaks, apply a snapshot.
We had second hardware.
-
@eddiejennings said in What Are You Doing Right Now:
VMs. It's so nice to make a change, and if something breaks, apply a snapshot.
That's a storage thing, not a VM thing. VMs didn't give us snapshots. We used snapshots the same before VMs.
-
@eddiejennings said in What Are You Doing Right Now:
An observation: I don't know how folks effectively tested stuff before there were VMs. It's so nice to make a change, and if something breaks, apply a snapshot.
We use to setup a small recovery partition in case we needed to do a restore.
We also used software like deep freeze too.
Having a second computer help with testing as well.
