I have a PBX in the cloud. What is the best way to set up DDNS to avoid this?
You can’t avoid it, you need to accommodate it.
Once I have the external DDNS name from FreePBX, I assume I have to point the phones to that?
FreePBX will not ever supply a name, you need to do that all on your own; there are a few hundred thousand Google hits as to how.
Under External DDNS Name: FreePBX does indeed give one. That’s what I am assuming I use.
We have a disconnect, if FPBX supplies you a name to use as your ddns host I will be amazed.
System Admin Pro has a DDNS feature, so you could use that as a band-aid, but you really don’t want a server on a dynamic IP if there’s any way to avoid it.
I’ve never heard of a cloud provider with dynamic IP addresses. Can you please describe your setup?
No, they are static. The end client public IP is dynamic.
Cloud instances on dynamic IPs, this might well be the dumbest thing I’ve ever heard of. April Fools’ Day was over a month ago.
The cloud host is static. The end client’s internet is dynamic. The issue is, when the IP changes, they are no longer whitelisted in the firewall.
I solved this by using the responsive firewall. I didn’t realize the services section.
I am a bit confused here. You wanted to use a DNS which resolves to the PBX WAN IP to allow traffic from a different address? How?
No, the issue was just poorly described. The location where the phones are has a dynamic IP and when it changes they lose connectivity to the PBX.
I think you are describing a typical situation where the remote client phones are on dynamic IP, and if the IP changes, due to the service provider changing the client IP, the phone loses connection. This is very common, and easily solved. Read up on Travelin Man on NerdVittles. I think the capability of that approach is already included in the full install of later versions of IncrediblePBX, and all you have to do is set up the DYNDNS profiles for your clients, and a way of updating those. Most routers include a DDNS feature, and when used correctly with DYNDNS, will automatically update IPTABLES when the IP changes. If the router does not have this feature, DYN provides an update client that can be run on any computer located at the same location as the phone. If you need more help, please let me know.
I think you have this confused. Location A is a dynamic IP, so location A requires DDNS. When Location A’s IP is changed, it needs to update the DNS records to show the new IP for the FQDN.
At no point is the PBX involved with this process. As such that means iptables is going to use the last resolution of the FQDN you put in it which would still be the old IP address. iptables does not do real time DNS queries or hostname resolution when filtering packets. It will query hostnames when started/modified and will do rDNS on the IPs when you list the rules.
The PBX will need to be part of this process and iptables updated somehow (stop/start, updated, etc.) so that it will do hostname resolution again and see that the loc-a.domain.com has updated to 22.214.171.124.
You are correct, but you do not take this to the last step. The Travelin Man scripts, developed by Ward Mundy I believe, will query a list of FQDN entries by an interval determined by an entry in crontab, and if its IP has changed, it will update the whitelist in IPTABLES. I know this is a FreePBX forum, and not an IncrediblePBX forum, so perhaps not all users are familiar with Travelin Man. That is why I suggested reading up on it. Here is the link: http://nerdvittles.com/?page_id=21288
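The periodic re-resolution step discussed in the posts above, as an added example that is not part of the thread and is neither the Travelin' Man scripts nor FreePBX's firewall code. The function names, the use of the `INPUT` chain, and the documentation-range addresses are assumptions made for illustration; it only plans the iptables changes and leaves existing rules alone when a lookup fails.

```python
import ipaddress
import socket

CHAIN = "INPUT"  # assumption: whitelist rules sit directly in the INPUT chain


def resolve_ipv4(fqdn):
    """Return the IPv4 addresses the FQDN resolves to right now."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def rule(action, fqdn, ip):
    """Build an iptables argv list; the comment ties the rule to its FQDN."""
    return ["iptables", action, CHAIN, "-s", ip,
            "-m", "comment", "--comment", fqdn, "-j", "ACCEPT"]


def plan_updates(previous, fqdns, resolver=resolve_ipv4):
    """Diff fresh lookups against the last known state.

    previous maps fqdn -> list of IPs currently whitelisted.
    Returns (commands, new_state).
    """
    commands, new_state = [], {}
    for fqdn in fqdns:
        old = set(previous.get(fqdn, []))
        try:
            # Validate every answer before it can reach an iptables argument.
            new = {str(ipaddress.IPv4Address(ip)) for ip in resolver(fqdn)}
        except (OSError, ValueError):
            new = set()
        if not new:
            # Lookup failed or was empty: keep the existing rules untouched.
            new_state[fqdn] = sorted(old)
            continue
        # Insert new addresses before deleting stale ones so access never gaps.
        commands += [rule("-I", fqdn, ip) for ip in sorted(new - old)]
        commands += [rule("-D", fqdn, ip) for ip in sorted(old - new)]
        new_state[fqdn] = sorted(new)
    return commands, new_state


if __name__ == "__main__":
    # Constructed sample: loc-a's address moved between two documentation IPs.
    state = {"loc-a.domain.com": ["198.51.100.7"]}
    fake_dns = {"loc-a.domain.com": ["203.0.113.20"]}
    cmds, state = plan_updates(state, list(state), resolver=fake_dns.__getitem__)
    for argv in cmds:
        print(" ".join(argv))  # a real run would pass argv to subprocess.run
```

Run from cron, the returned state would be saved between runs so the next pass knows which addresses are currently whitelisted.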
No, I am more than aware of Travelin’ Man. This has nothing to do with his scripts but how you made your statement.
That has nothing to do with Travelin’ Man’s scripts. That is a blanket statement about routers and the DYNDNS service. Your statement makes it sound like it will automatically update iptables. Which it will not; as we both are in agreement on how iptables works, it does require an additional step. That statement doesn’t imply that at all.
iptables does not, but the PBX Firewall daemon does. So it is perfectly acceptable to whitelist an FQDN in Firewall and expect future DNS changes to be honored.
This is not the place for discussion about the travelin’ wilburys scripts.
Is anyone reading my replies?
1.) HOST IS STATIC (The host is in the cloud with a static IP)
2.) End client which is in a totally different location is DYNAMIC
3.) Not sure why it matters now when I said I solved this with responsive firewall