I have been setting up mainly VMware-based systems for the last few years and have gotten away from standalone systems. I’m now trying to set up a standalone server with one NIC for the public IP and another NIC for the internal network. I used to have to set net.ipv4.ip_forward=1 in the /etc/sysctl.conf file and also set up a masquerade in the IPTABLES…but the sysctl.conf file appears to be system generated these days as does the IPTABLES…so does anyone know how to do two NICs in this newer SNG7 world?
I don’t know anything about SNG7 but your request seems somewhat strange; it seems that you are trying to use the server as an internet router for the ‘internal network’. If that’s your company network I’d recommend against it for several reasons. If it’s just for the phones (which also need access to the internet for NTP, firmware updates, etc.) it’s a good architecture but the isolation may make troubleshooting and certain integrations more difficult.
If this ‘internal network’ has another path to the internet, the settings you mentioned are not needed.
Using two NICs on a server isn’t unusual, but there are a couple of caveats that you might want to keep in mind:
Set up one interface as the external interface and set the eth’x’ options so that the hardware address matches the config you are setting up. That way, you don’t get “wandering” IP addresses showing up and messing with your mind.
Remember that Asterisk is a back-to-back user agent, so there is no requirement for port forwarding. Incoming calls will come in to the public address and the phones will connect to the LAN address. The internal leg and the external leg will be bridged in the PBX. Performance hint: unless the phones need to “check in” with an external server (firmware call-in, for example), set up the phones so they are on their own internal network. I like to use 192.168.60.x for this. Set it up so that all of the services you need on that network (DHCP, DNS, NTP) are served through the server (which I would put at 192.168.60.1).
Be sure to turn on the Firewall. If you are using phones that are coming in from the “public” side, you will probably want to set up the Adaptive Firewall.
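The replies above say the PBX bridges calls itself, so the host does not have to forward or masquerade traffic for the phone network. The following is an added example, not part of the thread, that checks this from the kernel setting and an `iptables-save` dump; the function name `audit_routing` and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: does this dual-homed host route or NAT between its NICs?
# audit_routing and the sample dump are constructed for illustration.
# Live use (as root):
#   audit_routing "$(sysctl -n net.ipv4.ip_forward)" "$(iptables-save)"

audit_routing() {
    ip_forward="$1"     # value of net.ipv4.ip_forward
    rules="$2"          # text in iptables-save format
    table=""
    fwd_policy=ACCEPT   # built-in default when no filter table is listed
    fwd_accept=no
    nat=no

    while IFS= read -r line; do
        # "*filter", "*nat", ... open a table; chain names repeat across tables.
        case "$line" in \**) table=${line#\*} ;; esac
        case "$table:$line" in
            "filter::FORWARD "*) rest=${line#:FORWARD }; fwd_policy=${rest%% *} ;;
            "filter:-A FORWARD "*"-j ACCEPT"*) fwd_accept=yes ;;
            "nat:-A POSTROUTING "*"-j MASQUERADE"*) nat=yes ;;
        esac
    done <<EOF
$rules
EOF

    if [ "$ip_forward" != "1" ]; then
        echo "not-routing"            # kernel drops packets not addressed to it
    elif [ "$fwd_policy" != "ACCEPT" ] && [ "$fwd_accept" = "no" ]; then
        echo "forwarding-blocked"     # forwarding on, firewall passes nothing
    elif [ "$nat" = "yes" ]; then
        echo "routing-with-nat"       # LAN hosts reach the outside via this box
    else
        echo "routing"
    fi
}

# Constructed sample: the forward + masquerade setup the question describes.
SAMPLE_ROUTER='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

audit_routing 1 "$SAMPLE_ROUTER"
```

For the isolated phone network described above, the expected result on the live host is `not-routing` or `forwarding-blocked`; either routing result means the internal network can reach the public side through the PBX.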