FreePBX 2.2.1 Webmin

rroginela · September 9, 2008, 5:55pm

Hi,

Is it ok to install Webmin onto my FreePBX box? Any gotha’s or best practices? Also anyone have experiance running Hobbit System monitoring agent on thier FreePBX/Astersik system?

Thank You!
Rafal

plindheimer · September 9, 2008, 7:07pm

webmin should not be an issue.

richardteachout · September 10, 2008, 10:06pm

Just be aware, the default port for webmin is 10000, so if 10000 is in your RTP range,
you should change the default port webmin runs on.

Many freepbxers (pbxinaflash for example) run on port 9001

You can easily change the port by editing
/etc/webmin/miniserv.conf
The first line is the port
port=9001

Then just restart webmin (service webmin stop && service webmin start)
(Reminder: You may also need to update your firewall ports to allow this!)

-> Yes you could change the RTP range, but why… webmin is easier.

jmullinix · September 11, 2008, 2:03am

If webmin uses TCP 10000 and RTP uses UDP 10000, why is there a conflict? I understand that some routers do not allow you to distinguish between UDP and TCP, but if your router will support it, they are different ports with the same number, aren’t they?

richardteachout · September 11, 2008, 6:10am

That is a valid point, and I didn’t mean to imply there would be a conflict, as they technically won’t conflict (webmin - tcp 10000, rtp - udp 10000), and I should have been more clear why I recommended switching it.

Here is my opinion (and it is solely that… just an opinion, but it’s main purpose is to make troubleshooting easier)
-Many people don’t normally setup iptables correctly defining tcp vs udp (heck, many admins don’t fully understand the difference), so by having them on different ports, it makes it very clear in iptables rules, and easier to setup/manage.
-As you already mentioned, some routers (especially behind simple NAT routers) don’t distinguish, or distinguish well, tcp vs udp, so to help eliminate hard to diagnose random rtp issues in these scenarios, it’s so easy to change the webmin port, why not! (I’d rather have someone just change webmin ports - easy to explain - then have to troubleshoot with packet sniffing software to find a dumb router was in the mix messing it up later on)

If you are confident your network/routers will not be an issue, and are very familiar with iptables rules (assuming you are running a firewall on the same machine) then there is no reason to change webmin’s port number…

Example IPtables rules related to this.

Allow connections to our SIP-RTP server - change --dport appropriately

-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

Allow connections to our Webmin server ONLY from a specified SOURCE IPaddress

webmin can be accessed by “root” by default, so lock it down, or you potentially can be brute force attacked

-A INPUT -p tcp -m tcp -s your.remote.ip.address --dport 9001 -j ACCEPT

Restricting access can also be done from within webmin itself… Webmin->Webmin Configuration->IP Access Control, but it is always better to use the firewall whenever possible, but any restriction is better than no restriction

Also, in webmin, I recommend doing the following.
–In Webmin->Webmin configuration, SSL Encryption… enable it.
–In Webmin->Webmin configuration->Upgrade Webmin – you should NOT forget to update it regularly (especially if your webmin is publicly available). This can easily be done from within webmin itself in the webmin configuration, and only takes a few moments.

Oh, and one more small note… regardless of what port you run webmin on, be sure nothing else is running on that port before changing it, should you decide to change it… i.e… don’t setup webmin to run on port 80, as apache (Freepbx) is running on port 80…

Hopefully this helps clarify this a bit more.

richardteachout · September 11, 2008, 6:18am

I wouldn’t recommend running a hobbit/big brother/nagios or similar central console on the same box as your asterisk, as they are often very memory and processor intensive, but I’ve had no issues yet running monitoring clients(agents) on the same machine.

I don’t have any experience with hobbit, but I’ve implemented a number of other clients(agents) sucessfully.

Also, Munin is a pretty good app, you may want to glance at that, if you just want statistics of the asterisk!

Best of luck… post some info on your results with Hobbit if you go down that road!

rroginela · September 11, 2008, 5:58pm

Hi, thank you for all the input! Hobbit agent is all I was installing and it installed ok and is running smooth. Webmin is running, as of now on 10000 since there are no routers between me and the Asterisk box nor any of it’s clients. I will add the suggestion to my notes just in case things change though. Thank you for the help and try out Hobbit it is incredible especially if you deal with smaller places but as i understand it it monitors huge Data Centers too I just find it sooo much easier to get up and running and configured then the alternatives but I have run the alternatives before and I like Nagios allot. Agian thank you for the input and help!

Rafal