New Smart Firewall for FreePBX Distro Behind NAT

I was just in the situation where I needed to rebuild a PBX quickly, so I downloaded the latest stable FreePBX Distro 10.13.66 and went at it.

The networking at this location is what I’d call ‘normal’ for a small business PBX: a single static public IP, NAT, port forwarding of UDP 5060, 10000-20000 limited by source IP for the ITSP. Yes, this configuration makes it difficult to add remote extensions…

When I built the new FreePBX Distro PBX, I had several problems, but the biggest was the new firewall. It said I needed to put the PBX in the ‘DMZ’, for starters. Well, where I come from that just isn’t done. It’s like telling your firewall to relinquish all firewall duties and hand them over to the PBX.

So, I struggled to disable the new firewall and fail2ban since the first thing that happened was all the extensions and the ITSP were firewalled off. Ain’t automation grand!

Ultimately, my question is this: what is a good, recommended configuration for the new firewall on a PBX behind NAT? Granted, I was in a hurry to get things working, but the wiki just didn’t seem to answer this most basic of questions.

Also, how do you install a new FreePBX Distro PBX without the damned thing firewalling off all your devices/peers?

Lastly, does this make securely adding remote extensions easier or better?

