Gateway and DHCP server on same subnet

Hi. I’m looking for a bit of guidance on setting up a FreePBX system with two NICs on the same subnet with eth0 as the gateway (WAN) and eth1 as a DHCP server for the phones (LAN). From my testing, the DHCP server will not service requests when the gateway is on the same subnet, even if different NICs are used. More specifically:

eth0:
static IP: 10.0.1.2
netmask: 24
gateway: 10.0.1.1

eth1:
static IP: 10.0.1.3
netmask: 24
DHCP range: 10.0.1.100 - 10.0.1.199

FreePBX 13.0.195.26
Asterisk 13.23.1

I appreciate any help on this. Thanks.

Even though it can be done, FreePBX is not meant to act as a gateway device, at least not out-of-the-box. In any case, there should be no problem setting one NIC as a gateway and binding the other one to a DHCP server.

What is the point of this stupid design?

This is not how networking works.

Can you do anything if you know enough? Sure. But no one does this. Why? Because there are zero reasons to do so.

arielgrin, what I want is to use a single subnet for both accessing the WAN via the router and servicing the phones on the LAN, using the integrated DHCP server. FreePBX seems to be pushing me away from this.

When I specify a gateway address in the Network Settings dialog in the Admin Pro module, the interface becomes a ‘gateway’. Also, when a gateway IP is specified, that interface cannot also be a DHCP server. In fact, I was unable to have the DHCP server service phones using two interfaces on one subnet. Please keep in mind that I am only using the Admin Pro module for this setup, and not adding routes etc. via CLI.

I’m looking for a bit of direction as to how I can use one subnet for WAN and LAN with the integrated DHCP server.

Thanks.

That’s not a use case supported by System Admin Pro.

Thank you lgaetz for your help.

As I was trying to explain before, FreePBX is not meant to be used like that, at least not out-of-the-box. What you are trying to do is use your FreePBX server as a router and that can’t be accomplished with just the GUI as you have already found out. With the right packages though, you could probably achieve that, not that I would recommend it, but that is just me. I would not want my FreePBX acting as a router, there are other solutions that are better suited for that task, the same way FreePBX is meant to act as a PBX and not anything else, even though it could be done by manually adding packages and manually configuring them.

Thanks ariel. This is where my ignorance comes in. I do not want FreePBX to act like a router, but I want it to direct all WAN traffic to a dedicated (SonicWall) router. I do not know how to do this without specifying a gateway IP on an interface. The PBX server does not need to (and I do not want it to) handle any NAT functions.

To rephrase my question, how can I configure FreePBX (via sys admin pro) to use my router as the gateway without specifying a gateway IP on an interface? How else would FreePBX know how to direct traffic out to the internet? I’m obviously missing a key component here that I have not found in my searching.

Thanks again.

The use case for using DHCP in System Admin Pro is as follows:

eth0 configured appropriately with default gateway for all non-phone IP traffic
eth1 configured with completely different subnet for isolated LAN just for phones

eth0 can be a connection to the main data LAN or directly to an ISP via a modem. The point is that your phones are not connected to an existing LAN, and therefore require the PBX to provide a DHCP service. If you already have a DHCP server (like 99% of installs), there is no need to configure the PBX to do it.

lgaetz, excellent explanation. There is an existing DHCP server in the facility (Exchange server), but I did not want to get into having this configured as multi-scope using extra DHCP options for auto provisioning of phones, as I do not have admin privs to this server. It made sense to me to keep the PBX server as an entirely separate system so that I can access all aspects of it without having to go through the company’s IT services for any future changes.

Thanks again for your help.

Ok so this is a completely different situation that was probably misunderstood due to a choice of words, specifically WAN. You don’t want your PBX to act as a router, you just want some specific traffic to go through a specific interface, is that correct? And besides that, you want a specific DHCP for the phones on a completely different subnet so you don’t have to modify the existing DHCP server. While that is completely doable, first thing that comes to mind is that you will not be able to have a computer connected to the second port of the phone and be part of the other subnet, at least not without VLANs and a lot of manual configuration and second is that you will have to create static routes on the PBX to direct specific traffic through a specific network card. If you are ok with both things, then it is just a matter of setting said routes. For example, you can create a static route to direct your SIP trunk data through the card that is connected to the router. For this to happen, that card should have an IP on the same subnet as the router’s subnet. The card that connects to the phones should have an IP on a different subnet.
If you care to elaborate a little more on your specific scenario, I could try to help you. Even though I have my phones on the same subnet as the rest of my computers, my PBX has a dedicated network card to connect it to my VoIP provider so I’m doing that part already and could guide you.

I think something vital is missing here. Let’s take this example:

Phone - 192.168.1.20 (Gateway 192.168.1.1)
PBX - 192.168.1.10 (Gateway 192.168.1.1)

When the phone sends a request to 192.168.1.10 it does not send it to the gateway, it sends it to the .10 address and L2 routing is used. The only time that phone is going to send traffic out the Gateway is when there is nothing that the L2 can answer for. So if the phone has its DNS set to 8.8.8.8 then DNS queries will be routed out the gateway to the Internet or wherever the gateway sends that request.

You actually don’t need to set the gateway in your network settings when you’re doing L2 traffic. You could set up two devices with static IPs on the same subnet and plug them into a dummy switch (not connected to anything else) and you can communicate between the two devices over that subnet. No gateway required or used.

But since phones and the PBX are going to need to use DNS they will need to point to an internal DNS system (L2 traffic as the DNS system is doing L3) or a public DNS which will route out the gateway.

I think the first hurdle here is to fill in the lack of networking knowledge and then look at this because it will change how you even think about or look at this type of solution.

If you have a separate subnet for the phones, connected to the PBX via a dedicated NIC, there is usually no need for the phones to have general connectivity to the internet. Other than SIP and RTP, the phones need DNS, NTP, provisioning and firmware updates. These are all easily supplied by the PBX.

It’s sometimes useful to access a phone’s web interface for troubleshooting, but that can be handled by SSH tunneling or a VPN server on the PBX.

In order for the PBX to do DNS or NTP it will require that the service is running on the system. Much like how you need the TFTP, FTP and Apache services running on the system. This would require that Bind, Unbound or another DNS system is installed, configured and running on the PBX. This would also require the NTP server daemon to be installed and then started.

So yes the PBX can provide most of these services as it is a Linux box but it doesn’t do this in the FreePBX setup. It would require additional steps to set up and maintain and keep running.

Yes, I understand how this was misleading.

The network switches have already been configured to allow the PBX server to assign IPs to the phones and the Exchange server to assign IPs to the computers, even when the computers are on the second port of the phones. I did not set up the switches so I can’t say what was done there, other than I know VLANs are configured.

I’m waiting to hear back from the IT company before I know what direction we’re going. It is likely that one NIC on the PBX will be dedicated for the SIP trunk on its own subnet and the LAN side with DHCP server will be on its own subnet, separate from PC data. The reason for keeping voice and PC data separate is just for prioritizing. It is common for PCs to transfer large files over the network.

I may take you up on your offer to help further depending on the direction we take.

Thank you for your patience working through my cryptic explanations!

If you are using VLANs you must make sure that the network card on the PBX that will be connecting to the phones has the correct VLAN configuration and so do the phones, otherwise it will not work as expected.

@BlazeStudios. I do have some basic networking know-how, and I am aware that devices that do not need to look outside of their subnet do not require a gateway. It’s actually the PBX server itself that I was having trouble with. My understanding is that in order for the PBX to reach out to the SIP provider (or any other service on the internet), it will need one of the interfaces configured with a gateway. My trouble was that I was trying to configure the gateway and the integrated DHCP server on the same subnet. This I have found out is not doable, or at least not from sys admin pro.

Thanks for taking the time to respond. I do appreciate it!

@Stewart1

Stewart, this is what I was hoping for. My understanding was that the phone’s gateway would be the PBX server. I’ve set up a system before but it was simpler, as the phones were on the PC network already serviced by an Exchange DHCP server. I have found however that the call quality can suffer when the network is burdened with large file transfers.

This is good to know. Thanks for this info.

In reality, as long as you have a route to your SIP provider, it doesn’t matter whether it is a default route or a static route, so to be strict, you don’t necessarily need a default gateway, just a route that tells how to reach your SIP provider. The default route is used automatically whenever your computer needs to reach a network that it doesn’t “know” how to reach. If you add a static route to your SIP provider, it will use that route instead of the gateway.
I have a FreePBX server with 2 NICs. One NIC that connects it to the LAN with no default gateway, just static routes to FreePBX mirrors to allow for updates and another NIC that connects it to my SIP provider also without a default gateway, it just has a static route to the SIP provider. This doesn’t mean that this setup would be OK for your particular situation, it is just to illustrate that default gateways are not mandatory, as long as you know how to accommodate without using default gateways. Of course if you need to allow a lot of routes through the NIC that connects the PBX to the internet, it would be easier to use a default gateway, otherwise the static routes could become unmanageably large.
In any case, it seems you are already set up to use VLANs so most of your problem has already been resolved.
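
Added example (not part of the original thread, and not FreePBX code): a simplified model of route selection by longest-prefix match, showing the static-route-only layout described in the post above, the effect of adding a default route, and why two NICs on the same /24 leave the phone subnet reachable through only one of them. The 10.0.1.x values come from the thread; the phone subnet, SIP provider and mirror prefixes, and the metrics, are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    dev: str
    via: Optional[str]   # next hop; None means directly connected
    metric: int

def route(prefix, dev, via=None, metric=0):
    return Route(ipaddress.ip_network(prefix), dev, via, metric)

def lookup(table, dst):
    """Longest-prefix match; ties go to the lowest metric, then table order."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        return None  # no route: the kernel would report "Network is unreachable"
    return min(matches, key=lambda r: (-r.prefix.prefixlen, r.metric))

# Static routes only, no default gateway (constructed prefixes).
STATIC_ONLY = [
    route("10.0.1.0/24", "eth0"),                          # LAN, connected
    route("192.168.50.0/24", "eth1"),                      # provider link, connected
    route("198.51.100.0/24", "eth0", via="10.0.1.1"),      # update mirrors
    route("203.0.113.0/24", "eth1", via="192.168.50.1"),   # SIP provider
]

# Same table plus a default route through the LAN router.
WITH_DEFAULT = STATIC_ONLY + [route("0.0.0.0/0", "eth0", via="10.0.1.1")]

# The layout from the first post: both NICs on 10.0.1.0/24.
SAME_SUBNET = [
    route("10.0.1.0/24", "eth0", metric=100),
    route("10.0.1.0/24", "eth1", metric=101),
    route("0.0.0.0/0", "eth0", via="10.0.1.1", metric=100),
]

if __name__ == "__main__":
    for name, table, dst in [
        ("static only", STATIC_ONLY, "203.0.113.10"),
        ("static only", STATIC_ONLY, "8.8.8.8"),
        ("with default", WITH_DEFAULT, "8.8.8.8"),
        ("same subnet", SAME_SUBNET, "10.0.1.150"),
    ]:
        r = lookup(table, dst)
        print(f"{name:12} {dst:14} ->", "unreachable" if r is None
              else f"dev {r.dev} via {r.via or 'direct'}")
```

With no default route the PBX can only originate traffic to the prefixes listed, which also limits where a compromised PBX can connect out to.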

@arielgrin

More good info! I am aware of the routing table and that static routes can be added, but I’ve never done this…yet! I’ve played around with routes in Windows, which I’m assuming will be a similar concept as Linux/CentOS.

My primary line of work is not IT or the like, but I have enjoyed setting up a couple FreePBX systems. Just don’t know if I could make a living out of it!

Anyway, thanks again for your insight. I was a bit discouraged initially (due to a rather ‘unhelpful’ post early on), but it is apparent there is a good group of people contributing to this forum!

What would be the point of having two nics on the same subnet? Your phone server is not a layer 2 bridge. It’s improper and your time would be better spent learning to configure your main DHCP server to send out the information the phones need and using one interface. Or, use a different subnet for the phones and set up VLANs to separate your DHCP servers. What you’re asking isn’t a FreePBX question, it’s an OS/networking question.