Multiple nics, one for phones, one for external connection and one for admin

MacsOffice · December 23, 2017, 1:15am

I have the notion that 3 nics is a secure idea. I have the following idea in mind:

One for the SIP connection to the world
One for the phones themselves 192.168.200.x (with no gateway)
One for an administrative connection from existing business LAN 192.168.123.x that has a different external pipe.

I don’t see any examples of this config in the forum, most multiple nics are trying to bond for redundancy or throughput.

Question 1: Is this ridiculous? if so whats a better solution?

Question 2: How do I assign static IPs to this (Linux) machines ports? I know almost nothing about linux and this is my introduction to it at any depth. I am well versed in windows clients and servers and comfortable with networking in general but this Linux is all brand new.

The location is a church where they are always plugging rogue hardware into whatever plug they find so that’s why I’m trying to go this way.

I appreciate the help, I’m trying to get this working over the holidays.

arielgrin · December 23, 2017, 4:02am

Currently I’m using 2 NICs, one to connect to SIP provider, the other to connect to phones in local LAN. The important part is to correctly configure the static routes to be used by both NICs, so the connection to your SIP provider is routed through the appropriate NIC. Basic IP configuration can be done through FreePBX GUI, network routes must be configured manually, or at least that is the way I’ve done it.

mhetterm · December 23, 2017, 6:54am

I have 2 nics, one serving local extensions, and one serving SIP trunks, but both on same subnet/gateway … when I upgraded to SNG7 (Freepbx14 Distro) from 10.13 (Freepbx 13 Distro) I had to change some parameters, detailed here:

http://jensd.be/468/linux/two-network-cards-rp_filter

Just FYI …

MacsOffice · December 23, 2017, 6:59pm

arielgrin - Your config sounds like what I am looking for - if the nics showed up in freepbx gui I could just set them, but they don’t show, I assume because nothing has configured them with an IP.
They show in the header when I log on to ssh but only as mac addresses.

In windows I could set them with a static IP using either the gui or netsh but in this linux world I have no idea how to do that.
Nor do I know how to set a network route to accomplish what you mention.

Would you mind sharing some keystrokes ?

arielgrin · December 23, 2017, 8:54pm

You can start by defining the IP addresses of all cards by going into the system admin module. Log into FreePBX and go to Admin -> System Admin -> Network Settings. There, you should see your different ethernet cards on Network Interfaces. Set the desired IPs. Are you definitely going with 3 network cards? If you are, you will need to either set all phones to static IP, or provide a DHCP server on the network that the phones will use. If you want, you can install a DHCP server on FreePBX. Once you’ve done that, then you can define which network card should be used by the SIP trunk. Let me know once your cards are configured and working and in the meantime I will connect to my FreePBX to check the path and name of the files that must be created to define the routes.

MacsOffice · December 24, 2017, 4:25am

This project is messing with my self confidence. In the process of figuring out the network cards using ifconfig, got locked out of PBX gui, used fwconsole to log back in and I some how deactivated the installation. is the activation tied to the nics somehow?
I’m feeling pretty dumb.

arielgrin · December 24, 2017, 4:35am

The activation is tied to several components, one of them the NIC, but Sangoma support can probably fix that for you.

MacsOffice · December 24, 2017, 4:38am

I have no support tickets. I’m still trying to figure this out. I’m committed, bought 15 phones already. Maybe I need to spring for a hardware device. this might be too much to figure out for a neophyte like myself.

arielgrin · December 24, 2017, 5:00am

I can try to help you if you are willing to share a remote access, like teamviewer or similar. Just let me know.

MacsOffice · December 24, 2017, 5:18am

I would be willing - whats your time zone?

arielgrin · December 24, 2017, 3:30pm

I’m on GMT -3
It is now 1230pm

MacsOffice · December 24, 2017, 6:19pm

I’m on GMT-8. If you are serious about helping that would be great. I hate to give up on a solution that could save me bucks but I am really concerned about how fragile it is… Well, more accurately how fragile my inexperience makes it.
I have Christmas Eve stuff today and of course Christmas tomorrow. when is convenient for us to connect?

arielgrin · December 24, 2017, 7:11pm

If you can resist until tuesday that will work for me

MacsOffice · December 24, 2017, 7:25pm

i will try to keep my fingers off it .
teamviewer your preferred platform?

arielgrin · December 24, 2017, 7:36pm

That’s what I already have installed, but no preference at all

MacsOffice · December 24, 2017, 7:41pm

I have none so thats what I’ll get put in. You only need SSH and browser access right? I’m not installing anything on the FreePBX machine itself… that thing is cursed

arielgrin · December 24, 2017, 8:37pm

SSH is enough. Just make sure the PC with teamviewer can connect to FreePBX SSH

MacsOffice · December 24, 2017, 8:50pm

copy that - I’ll ping you here tuesday

cyberdocwi · December 26, 2017, 4:05pm

Good Morning,

I think it is awesome that you two are working together to get the church up and going.

I would first draw out a network diagram on how all of your pieces are wired, especially if you would like effective network support. I wouldn’t share that document publically, but having that information for a technical support person, especially one performing a remote support role, offers great insight on how the network is constructed.

It is best to configure the network and such within the FreePBX sphere, because FreePBX is a linux appliance that can overwrite scripts and other modifications during an upgrade cycle, and that could cause problems down the road.

Mac, I think you will find Linux refreshing to Windows. I support windows, using my Mac and Linux devices, and find Windows limiting and overly complex. I am not here to bash the OS, but rather encourage you to setup a Linux Virtual environment, perhaps using either VirtualBox or Hyper-V, and get a feel for the OS. FreePBX uses CentOS, but you might consider Fedora which is a testing ground for CentOS, and get a feel for the operating system. Having it in a virtual environment allows you to test the box right in front of your nose, and able to repair if you have easy access.

Networking commands, issued under the root user (or sudo), that you are interested in are:

ifconfig
route -n
ping
traceroute
dig

To find out more information about a command, type in man + command name, such as:

man ifconfig

and the system will display documentation concerning the command.

You may also wish to check out /etc/rc.d/rc.local for places to put commands to run on every startup, such as special routing statements, such as

route add -net 192.168.5.0 netmask 255.255.255.0 gw 192.168.1.1

… which would add a static route to the 192.168.5.0/24 network from your gateway at 192.168.1.1 (assuming you can see 192.168.1.1)

Best of luck to you!

Christian

MacsOffice · December 26, 2017, 7:06pm

Its these kinds of posts that make me think I can do this . As for configuring the ports, FreePBX didn’t even show them so I could configure them at all. I assumed that this was because they didn’t have an IP (even though they showed with a mac address in the boot header) so my bright idea was to assign static IP’s to eliminate that possibility. And thats when things went downhill.