The Phone system 60 has three 1000BaseT ports. System Admin module makes possible to setup different subnets on each of the physical ports and to design additional VLANs too, if needed.
Is it the right way for setting up, for instance, a first subnet with the SIP phones in it on eth0 and a different subnet with the DMZ on eth1 ? I failed to find specific guidance on that in the wiki pages of the System Admin module covering network settings
http ://wiki.freepbx.org/display/FPG/System+Admin±+Network+Settings. (manually altered URL, the editor refuses to publish my post with a link inside)
What do you think about having phones on one leg and SIP trunks on the other one ?
There’s no “right” way, except that you want to have a way that works for you.
Since there are three ports, you can literally set them up in any configuration that makes sense to you. Having said that, here is how I’d set that up:
Set up one so that it sits on the network to the “outside world”. If that means going through your firewall, that’s cool. If you can dedicate an address to the interface, then go ahead.
You can set up a second interface to point to a non-routable address block (192.168.x.x, for example). Put your phones on that network.
Here’s the tricky part. If your “outside facing” interface goes through an external firewall, you can put that interface on a different non-routable network that goes out (like 72.16.x.x or 10.0.x.x) and your phones on another network (192.168.x.x) and plug both interfaces into the same network switch. As long as the IP addresses aren’t in the same network, this will work fine.
The advantage is that the phones can never access the Internet directly - their only route out is through the phone system. Since it’s “dual homed”, the traffic has to be brokered through the PBX.
Since you have a third interface, you can then set that interface up as a DMZ interface, or a management interface if you’d prefer.
There are a few limits to what you can do with addresses and interfaces, but as long as it works, there are no right or wrong answers.
Thanks Dave for the description. I had in mind to use rfc1918 subnets on the two interfaces. The issue which I am facing is rather related to FreePBX itself.
I failed to configure the two different subnets in the System Admin module (Network Settings sub menu). When I configure a subnet on eth1, the existing configuration on eth0 gets cleared. When I configure back the subnet on eth0, the existing configuration on eth1 gets cleared. I am not able to setup two different subnets on two different physical ports at the same time. This is where I got confused. I guess the solution will sounds obvious once I will got it. May you advise me in the matter ?
I know that the settings for those have worked in the past, so it’s either a recently added bug (in which case you need to file a ticket through the Issues tab (above)) or it’s PEBKAC (Problem Exists Between Keyboard And Chair). Honestly, I don’t know which it will be, but you should be looking for technical support from Sangoma especially since you bought an actual Sangoma appliance instead of the “fun” route of installing the distro version of FreePBX on whatever sketchy hardware you have laying around (like I do).
There’s nothing preventing you from going into the system and setting the Ethernet configurations yourself - they live in /etc/sysadmin/networks-scripts/ (IIRC). Just change the eth0-up and the1-up scripts and set them up. As long as you don’t go back in with the Sysadmin module, the interfaces should remain in place.
Thank you for your answer. I would prefer the problem to be located between the keyboard and the chair. I did not read the whole wiki and may have neglected somewhere small prints. That is why your help is useful. Let’s see.
