Outside PBX network calling

FreePBX Endpoints
1

I am a newbie to the Asterisk PBX. I have installed FreePBX 13.0.151 and I am able to make calls to any devices setup and sitting on the same network. I would like to extend this when devices are out of the PBX network but available on the internet. Please note that am a newbie and the explanation should be easy to follow.

2

Are you trying to connect phones that are not on the same local network to your PBX?

3

Yes, that is what I want to do, but additionally the PBX is connected to the internet and so are the other soft sip phones.

4

There are several ways to do that. You can use OpenVPN for a secure way and probably easiest configuration, you also have TLS with SRTP.
If your phones will always connect from the same IP, then you have the firewall module so you can allow specific IPs. If the phones are using dynamic IPs, then you can use the responsive firewall. Don’t forget to correctly configure SIP NAT parameters in any case.
I recommend you read the wiki and do some googling by yourself before.

5

Thank you very much, I guess this is something someone must have already done. Under NAT settings I setup my public IP address and when I click detect network settings i get the following message "couldn’t resolve host ‘myip-freepbx-org’." Are there settings I need to change somewhere?

6

This is a basic networking problem.

From a shell prompt, can you ping myip.freepbx.org ? If not, can you ping 8.8.8.8 ? If not, can you ping the LAN address of your router?

If you can’t easily find the trouble, post the results of these commands:
ifconfig
route -n
cat /etc/resolv.conf

7

[root@localhost ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:C6:2D:37
inet addr:10.7.5.254 Bcast:10.7.5.255 Mask:255.255.0.0
inet6 addr: fe80::20c:29ff:fec6:2d37/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:339760770 errors:1 dropped:0 overruns:0 frame:0
TX packets:1532244 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:29365190959 (27.3 GiB) TX bytes:110635182 (105.5 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:10724717 errors:0 dropped:0 overruns:0 frame:0
TX packets:10724717 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1151669715 (1.0 GiB) TX bytes:1151669715 (1.0 GiB)

[root@localhost ~]#
[root@localhost ~]# cat -etc-resolv.conf
nameserver 127.0.0.1

Generated by NetworkManager

No nameservers found; try putting DNS servers into your

ifcfg files in -etc-sysconfig-network-scripts like so:

DNS1=xxx.xxx.xxx.xxx

DNS2=xxx.xxx.xxx.xxx

DOMAIN=lab-foo-com bar-foo-com

[root@localhost ~]#

8

[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.7.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 10.7.1.1 0.0.0.0 UG 0 0 0 eth0
[root@localhost ~]#

9

Please note that I had to edit to remove the links. Being a new member to this team, I am not allowed to post links.

10

If you have the file /etc/sysconfig/network-scripts/ifcfg-eth0

try editing it by adding
DNS1=8.8.8.8
DNS2=8.8.4.4

Save the file, reboot, test.

11

I still cannot ping myip-freepbx-org or 8.8.8.8

12

Can you ping 10.7.1.1 ? 199.102.239.92 ? 199.102.239.170 ?

13

I can ping 10.7.1.1 (my router) but I can’t and I don’t see how I can ping 199.102.239.92 or 199.102.239.170.

14

199.102.239.92 is the address of this forum, so it’s obvious that your PC can access it. Assuming that your PBX is on the same LAN, possible issues include:

iptables may be corrupted in a manner that is blocking the responses. Please post output of
iptables -vL

What is router make/model? If it’s primarily a firewall, there may be different rules applied to your PC and the PBX. Does it have a log that may show blocked accesses?

Possibly a subnet issue. Do you have any other hosts on 10.7.5.x that can access the internet ok?

15

It looks like I will require the help of our my local IT team. I will get back to you once I chat with them

16

[root@localhost ~]#
[root@localhost ~]# iptables -vL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
149K 18M fpbxfirewall all – any any anywhere anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 16074 packets, 1585K bytes)
pkts bytes target prot opt in out source destination

Chain fpbx-rtp (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp – any any anywhere anywhere udp dpts:ndmp:dnp
0 0 ACCEPT udp – any any anywhere anywhere udp dpts:terabase:hfcs-manager

Chain fpbxattacker (3 references)
pkts bytes target prot opt in out source destination
0 0 all – any any anywhere anywhere recent: SET name: ATTACKER side: source
0 0 LOG all – any any anywhere anywhere LOG level warning prefix `attacker: ’
0 0 DROP all – any any anywhere anywhere

Chain fpbxblacklist (1 references)
pkts bytes target prot opt in out source destination

Chain fpbxfirewall (1 references)
pkts bytes target prot opt in out source destination
12317 1340K ACCEPT all – lo any anywhere anywhere
811 60888 ACCEPT tcp – any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT udp – any any anywhere anywhere udp spts:tcpmux:1024 state RELATED,ESTABLISHED
463 28632 ACCEPT icmp – any any anywhere anywhere

17

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.