I am struggling to sort out the correct settings for the firewall on my servers. I’ll start by saying that my servers are configured on internal networks; they are not directly exposed to the internet.
For a while I left the firewall at its default settings, which had the network interfaces set to the “Trusted” zone. I finally decided to go through the process of configuring the firewall. Unfortunately, however, new endpoints are now unable to provision from the server. I am not sure if I have something set incorrectly, or if I am misunderstanding how this should work. I note that I have the same experience on both servers that I have attempted this on.
My configuration is as follows (just including what I believe are the important bits):
- Services (all left at defaults; clarifying a few below)
  - SIP Protocol > Internal
  - TFTP > Internal
- Interfaces:
  - eth0 > Internal (I also tried “External,” as recommended)
- Networks:
  - 10.0.0.0/16 > Internal (this is our internal subnet)
When I try to connect a new phone, which has been configured in FreePBX but has not yet connected, it is unable to pick up its configuration from the server. Disabling the firewall allows the phone to connect and correctly pick up its configuration, but once I turn the firewall back on, it is again unable to pick up its configuration from the server.
Any thoughts, or other data that would be useful for troubleshooting?
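As an added illustration (not FreePBX code and not from the poster), the script below models how a zone-based firewall like the one described above decides whether a phone's provisioning request is accepted. The precedence rules it encodes are assumptions: a matching Networks entry overrides the interface's default zone (longest prefix wins), the Trusted zone passes everything, and any other zone only passes services that list it. The phone addresses and the `http` protocol are constructed values, since the post gives neither the phone's IP nor the provisioning protocol it actually uses; the point of the last check is that whatever protocol the phone really uses must itself be assigned to the zone the phone lands in.

```python
"""Toy model of zone-based firewall evaluation in the style of the FreePBX
firewall module.  Added illustration, not FreePBX code.  Assumed rules:
a matching Networks entry overrides the interface's zone (longest prefix wins),
Trusted allows everything, any other zone only passes services that list it."""
import ipaddress

# Constructed configuration mirroring the post (zone names in lower case).
SERVICES = {
    "sip": {"internal"},
    "tftp": {"internal"},
}
INTERFACES = {"eth0": "internal"}
NETWORKS = {"10.0.0.0/16": "internal"}


def zone_for(src_ip, iface, interfaces=INTERFACES, networks=NETWORKS):
    """Return the zone a packet from src_ip arriving on iface is evaluated in."""
    addr = ipaddress.ip_address(src_ip)
    best = None
    for cidr, zone in networks.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, zone)
    if best is not None:
        return best[1]
    # No Networks entry matched: fall back to the interface's default zone.
    return interfaces.get(iface, "external")


def allowed(service, src_ip, iface, services=SERVICES,
            interfaces=INTERFACES, networks=NETWORKS):
    """True if `service` would be accepted from src_ip on iface."""
    zone = zone_for(src_ip, iface, interfaces, networks)
    if zone == "trusted":
        return True  # assumed: Trusted bypasses the per-service zone lists
    return zone in services.get(service, set())


def provisioning_check(phone_ip, iface="eth0", protocols=("tftp",), **cfg):
    """Map each candidate provisioning protocol to whether the phone could reach it."""
    return {p: allowed(p, phone_ip, iface, **cfg) for p in protocols}


if __name__ == "__main__":
    # Constructed phone addresses; the post does not give the phone's IP.
    print(provisioning_check("10.0.0.50"))                    # inside 10.0.0.0/16
    print(provisioning_check("192.168.1.20"))                 # outside: interface zone applies
    ext = dict(INTERFACES, eth0="external")
    print(provisioning_check("192.168.1.20", interfaces=ext))  # eth0 set to External
    print(provisioning_check("10.0.0.50", protocols=("tftp", "http")))  # http unassigned
```

Running it shows that, under the stated configuration, a phone inside 10.0.0.0/16 is allowed TFTP whichever zone eth0 is in, a phone outside that range depends entirely on the interface zone, and a protocol that is not assigned to the Internal zone is blocked even from the internal subnet. Comparing the phone's real address and provisioning protocol against those three cases is a quick way to narrow down which rule is actually dropping the traffic.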